CVE-2010-1428
published 2010-04-28

CVE-2010-1428: The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before…

Priority: P1 86 high · CVSS 3.1: 7.5
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Tags: KEV · ITW · EXPLOIT · Ransomware
CISA Known Exploited Vulnerability (remediation due 2022-06-15)
Exploited in the wild
EPSS: 62.31% (99.1 percentile)
The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to obtain sensitive information via an unspecified request that uses a different method.

Affected

2 ranges (version ranges taken from the description above)

Vendor | Product | Version range | Fixed in
redhat | jboss_enterprise_application_platform | 4.2 before 4.2.0.CP09 | 4.2.0.CP09
redhat | jboss_enterprise_application_platform | 4.3 before 4.3.0.CP08 | 4.3.0.CP08

Detection & IOCs (extracted from sources)

path /web-console
  • Detect HTTP requests to /web-console that use a method other than GET or POST (HEAD, PUT, DELETE, TRACE, OPTIONS and so on). The access control on that path applies only to GET and POST, so such requests bypass it and indicate probing or exploitation of CVE-2010-1428. The strongest signal is a non-GET/POST request that returns 200 from a client whose GET to the same path was answered 401 or 403.
  • CVE-2010-1428 has been exploited by SamSam ransomware actors targeting unpatched JBoss servers; treat any anomalous non-GET/POST access to /web-console as a high-priority alert during ransomware triage.
  • Use the Metasploit auxiliary module jboss_vulnscan (rapid7/metasploit-framework) to scan for this and related JBoss vulnerabilities during an assessment.
  • Root cause: the web-console security constraint names only the GET and POST methods, so any other verb (HEAD, PUT, DELETE, TRACE, OPTIONS, etc.) reaches the console without authentication on JBoss EAP 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08. Under the Servlet specification a security constraint that lists http-method elements covers exactly those verbs; one that lists none covers every verb, which is the generic hardening for this class of bug. Apply the 4.2.0.CP09 / 4.3.0.CP08 cumulative patches.
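The mechanism and the detection described above, as an added example that is not code from this CVE entry, from Red Hat or from the Metasploit module. It encodes the Servlet rule that listing http-method elements limits a security constraint to exactly those verbs, evaluates it against a constructed web.xml fragment modelled on the unpatched web-console (the role and resource names are assumptions) and its hardened form, and then runs the non-GET/POST check over constructed access-log lines.

```python
"""Added example (not from the CVE entry, Red Hat or Metasploit): models how a
Java EE web.xml <security-constraint> decides which HTTP verbs it covers, which
is why a GET/POST-only constraint on /web-console lets other verbs through, and
flags such requests in constructed access-log lines."""
import re
import xml.etree.ElementTree as ET

# Constructed fragment modelling the unpatched web-console WEB-INF/web.xml. The
# role name and resource name are assumptions; the GET/POST-only constraint is
# the behaviour the advisory describes.
VULNERABLE_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>HtmlAdaptor</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>JBossAdmin</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

# Hardened form: no <http-method> elements, so the constraint applies to every verb.
HARDENED_WEB_XML = VULNERABLE_WEB_XML.replace(
    "      <http-method>GET</http-method>\n      <http-method>POST</http-method>\n", "")


def _pattern_matches(pattern, path):
    """Servlet url-pattern matching: exact, '/prefix/*', '/*' and '*.ext'."""
    if pattern == path or pattern == "/*":
        return True
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    if pattern.startswith("*."):
        return path.endswith(pattern[1:])
    return False


def constraint_covers(web_xml, path, method):
    """True if an <auth-constraint> applies to this context-relative path and verb.

    Servlet-spec rule: <http-method> elements restrict the constraint to exactly
    the verbs listed; no <http-method> covers every verb; <http-method-omission>
    (Servlet 3.0+) covers every verb except those named. A request that no
    constraint covers is served without authentication.
    """
    method = method.upper()
    for sc in ET.fromstring(web_xml).iter("security-constraint"):
        if sc.find("auth-constraint") is None:
            continue
        for wrc in sc.iter("web-resource-collection"):
            patterns = [e.text.strip() for e in wrc.findall("url-pattern")]
            listed = {e.text.strip().upper() for e in wrc.findall("http-method")}
            omitted = {e.text.strip().upper() for e in wrc.findall("http-method-omission")}
            if not any(_pattern_matches(p, path) for p in patterns):
                continue
            if listed:
                if method in listed:
                    return True
            elif method not in omitted:
                return True
    return False


# Constructed combined-format access log lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.10 - - [10/May/2019:12:00:01 +0000] "GET /web-console/ HTTP/1.1" 401 0 "-" "Mozilla/5.0"',
    '203.0.113.10 - - [10/May/2019:12:00:02 +0000] "HEAD /web-console/ HTTP/1.1" 200 0 "-" "Mozilla/5.0"',
    '203.0.113.10 - - [10/May/2019:12:00:03 +0000] "GET /web-console/ServerInfo.jsp HTTP/1.1" 401 0 "-" "curl/7.64"',
    '198.51.100.7 - - [10/May/2019:12:00:04 +0000] "POST /web-console/Invoker HTTP/1.1" 401 0 "-" "-"',
    '198.51.100.7 - - [10/May/2019:12:00:05 +0000] "OPTIONS /web-console/?x=1 HTTP/1.1" 200 0 "-" "-"',
    '192.0.2.5 - - [10/May/2019:12:00:06 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) [^"]*" (\d{3}) ')


def _parse(line):
    """Return (client, method, path-without-query, status) or None for unparseable lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    client, method, path, status = m.groups()
    return client, method, path.split("?", 1)[0], int(status)


def suspicious_web_console_requests(lines):
    """Every request under /web-console whose verb is not GET or POST."""
    hits = []
    for line in lines:
        rec = _parse(line)
        if rec is None:
            continue
        client, method, path, status = rec
        if path.startswith("/web-console") and method not in ("GET", "POST"):
            hits.append({"client": client, "method": method, "path": path, "status": status})
    return hits


def bypass_evidence(lines):
    """Stronger signal: the same client and path was denied (401/403) on GET/POST
    but served 200 on another verb. Returns (client, path, method) tuples."""
    denied = set()
    for line in lines:
        rec = _parse(line)
        if rec and rec[1] in ("GET", "POST") and rec[3] in (401, 403):
            denied.add((rec[0], rec[2]))
    return [(h["client"], h["path"], h["method"])
            for h in suspicious_web_console_requests(lines)
            if h["status"] == 200 and (h["client"], h["path"]) in denied]


if __name__ == "__main__":
    for verb in ("GET", "HEAD", "OPTIONS"):
        print(verb, "vulnerable:", constraint_covers(VULNERABLE_WEB_XML, "/ServerInfo.jsp", verb),
              "hardened:", constraint_covers(HARDENED_WEB_XML, "/ServerInfo.jsp", verb))
    for hit in suspicious_web_console_requests(SAMPLE_LOG):
        print("suspicious:", hit)
    print("bypass evidence:", bypass_evidence(SAMPLE_LOG))
```

The `bypass_evidence` pairing (denied on GET, 200 on HEAD for the same client and path) is the condition worth alerting on; a lone HEAD or OPTIONS from a scanner is a weaker signal. The same comparison can be made by hand against a live host (hostname assumed): request /web-console/ once with a plain GET and once with `curl -I`, and a 200 on the HEAD beside a 401 on the GET confirms the bypass.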

CVSS provenance

Source | Version | Score | Severity | Vector
nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N
vulncheck | | 7.5 | HIGH |
cisa | | 7.5 | HIGH |
vendor_redhat | | 7.5 | HIGH |