Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-1429: Red Hat JBoss Enterprise Application Platform vulnerability

9 documents, 8 sources
Severity: 5.0 MEDIUM (NVD)
EPSS: 27.4% (top 3.58%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published Apr 28; latest update Aug 30

Description

Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression.

CVSS vector

AV:N/AC:L/C:P/I:N/A:N
Exploitability: 10.0 | Impact: 2.9

Affected Packages (1 package)

🔴 Vulnerability Details (2)

GHSA: GHSA-x26p-67q3-4mfx: Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4 (2022-05-02)
CVEList: CVE-2010-1429: Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4 (2010-04-28)

💥 Exploits & PoCs (3)

Metasploit: JBoss Vulnerability Scanner
Metasploit: JBoss Status Servlet Information Gathering
Nuclei: Red Hat JBoss Enterprise Application Platform - Sensitive Information Disclosure

📋 Vendor Advisories (1)

Red Hat: JBossEAP status servlet info leak (2010-04-26)

💬 Community (2)

HackerOne: CVE-2010-1429 JBoss Insecure Storage of Sensitive Information on ips.mtn.co.ug (2024-08-30)
Bugzilla: CVE-2010-1429 JBossEAP status servlet info leak (2010-04-26)