Exploited
high
7.5
CWE
264 749
Advisory Published
CVE Published
Updated

CVE-2010-1428: Red Hat JBoss Information Disclosure Vulnerability

First published: Mon Apr 26 2010(Updated: )

The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to obtain sensitive information via an unspecified request that uses a different method.

Credit: secalert@redhat.com secalert@redhat.com

Affected SoftwareAffected VersionHow to fix
JBoss Enterprise Application Platform=4.3.0-cp06
JBoss Enterprise Application Platform=4.2.0-cp01
JBoss Enterprise Application Platform=4.2.0-cp06
JBoss Enterprise Application Platform<=4.3.0
JBoss Enterprise Application Platform=4.2
JBoss Enterprise Application Platform=4.3.0-cp01
JBoss Enterprise Application Platform=4.2.0-cp05
JBoss Enterprise Application Platform=4.2.0-cp04
JBoss Enterprise Application Platform=4.3.0-cp04
JBoss Enterprise Application Platform=4.2.0-cp03
JBoss Enterprise Application Platform=4.3
JBoss Enterprise Application Platform=4.2.0-cp07
JBoss Enterprise Application Platform=4.3.0-cp03
JBoss Enterprise Application Platform=4.3.0-cp02
JBoss Enterprise Application Platform<=4.2.0
JBoss Enterprise Application Platform=4.3.0-cp05
JBoss Enterprise Application Platform=4.2.0-cp02
JBoss
JBoss Enterprise Application Platform=4.2.0
JBoss Enterprise Application Platform=4.3.0
=4.2.0
=4.3.0

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2010-1428?

    CVE-2010-1428 is classified as a high severity vulnerability due to its potential to expose sensitive information.

  • How do I fix CVE-2010-1428?

    To fix CVE-2010-1428, update to JBoss Enterprise Application Platform version 4.2.0.CP09 or 4.3.0.CP08 or later.

  • What types of access does CVE-2010-1428 affect?

    CVE-2010-1428 affects access control for the GET and POST methods, allowing unauthorized access.

  • Is CVE-2010-1428 present in JBoss EAP 4.3.0?

    Yes, CVE-2010-1428 is present in JBoss EAP versions 4.2.0 before CP09 and 4.3.0 before CP08.

  • What impact does CVE-2010-1428 have on applications using JBoss?

    CVE-2010-1428 can lead to unauthorized access to sensitive information within applications that use vulnerable JBoss versions.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203