High severity7.5CISA KEVNVD Advisory· Published Apr 28, 2010· Updated Apr 22, 2026

CVE-2010-1428

Description

The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to obtain sensitive information via an unspecified request that uses a different method.

Affected products

Red Hat/Jboss Enterprise Application Platform2 versions
cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:-:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:-:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:-:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

marc.infonvdExploitMailing List
secunia.com/advisories/39563nvdBroken LinkVendor Advisory
securitytracker.com/idnvdBroken LinkThird Party AdvisoryVDB Entry
www.securityfocus.com/bid/39710nvdBroken LinkThird Party AdvisoryVDB Entry
www.vupen.com/english/advisories/2010/0992nvdBroken LinkVendor Advisory
exchange.xforce.ibmcloud.com/vulnerabilities/58148nvdThird Party AdvisoryVDB Entry
rhn.redhat.com/errata/RHSA-2010-0376.htmlnvdBroken LinkVendor Advisory
rhn.redhat.com/errata/RHSA-2010-0379.htmlnvdVendor Advisory
bugzilla.redhat.com/show_bug.cginvdIssue Tracking
rhn.redhat.com/errata/RHSA-2010-0377.htmlnvdBroken Link
rhn.redhat.com/errata/RHSA-2010-0378.htmlnvdBroken Link
www.cisa.gov/known-exploited-vulnerabilities-catalognvdBroken Link

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.054
exploit	0.030
kev	0.120
patch	0.000
ransomware	0.060