CVE-2010-1429

First published: Mon Apr 26 2010(Updated: )

Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression.

Credit: secalert@redhat.com secalert@redhat.com

Affected Software	Affected Version	How to fix
Redhat Jboss Enterprise Application Platform	=4.3.0-cp06
Redhat Jboss Enterprise Application Platform	=4.2.0-cp01
Redhat Jboss Enterprise Application Platform	=4.2.0-cp06
Redhat Jboss Enterprise Application Platform	<=4.3.0
Redhat Jboss Enterprise Application Platform	=4.2
Redhat Jboss Enterprise Application Platform	=4.3.0-cp01
Redhat Jboss Enterprise Application Platform	=4.2.0-cp05
Redhat Jboss Enterprise Application Platform	=4.2.0-cp04
Redhat Jboss Enterprise Application Platform	=4.3.0-cp04
Redhat Jboss Enterprise Application Platform	=4.2.0-cp03
Redhat Jboss Enterprise Application Platform	=4.3
Redhat Jboss Enterprise Application Platform	=4.2.0-cp07
Redhat Jboss Enterprise Application Platform	=4.3.0-cp03
Redhat Jboss Enterprise Application Platform	=4.3.0-cp02
Redhat Jboss Enterprise Application Platform	<=4.2.0
Redhat Jboss Enterprise Application Platform	=4.3.0-cp05
Redhat Jboss Enterprise Application Platform	=4.2.0-cp02

Never miss a vulnerability like this again

Reference Links

collector/nvd-historical
collector/nvd-index
collector/nvd-api
agent/author
agent/type
agent/softwarecombine
agent/first-publish-date
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/severity
agent/references
agent/weakness
agent/description
agent/event
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2010-1429
agent/tags
agent/trending
vendor/redhat
canonical/redhat jboss enterprise application platform
version/redhat jboss enterprise application platform/4.3.0-cp06
version/redhat jboss enterprise application platform/4.2.0-cp01
version/redhat jboss enterprise application platform/4.2.0-cp06
version/redhat jboss enterprise application platform/4.3.0
version/redhat jboss enterprise application platform/4.2
version/redhat jboss enterprise application platform/4.3.0-cp01
version/redhat jboss enterprise application platform/4.2.0-cp05
version/redhat jboss enterprise application platform/4.2.0-cp04
version/redhat jboss enterprise application platform/4.3.0-cp04
version/redhat jboss enterprise application platform/4.2.0-cp03
version/redhat jboss enterprise application platform/4.3
version/redhat jboss enterprise application platform/4.2.0-cp07
version/redhat jboss enterprise application platform/4.3.0-cp03
version/redhat jboss enterprise application platform/4.3.0-cp02
version/redhat jboss enterprise application platform/4.2.0
version/redhat jboss enterprise application platform/4.3.0-cp05
version/redhat jboss enterprise application platform/4.2.0-cp02

CVE-2010-1429

Never miss a vulnerability like this again

Reference Links

Company

Resources

Contact