CVE-2010-1429
published 2010-04-28
CVE-2010-1429: Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain…
Priority P3 · 43 · medium · CVSS 2.0 score 5
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT: public exploit code available
EPSS 53.73% (98.9th percentile)
Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression.
Affected (6 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| redhat | jboss_enterprise_application_platform | <= 4.2.0 | — |
| redhat | jboss_enterprise_application_platform | <= 4.3.0 | — |
| redhat | jboss_enterprise_application_platform | — | — |
| redhat | jboss_enterprise_application_platform | — | — |
| redhat | jboss_enterprise_application_platform | — | — |
| redhat | jboss_enterprise_application_platform | — | — |
Detection & IOCs (extracted from sources)
- HTTP GET request to /status?full=true returning HTTP 200 with a body containing 'JVM', 'memory', and 'localhost/' indicates a vulnerable JBoss EAP status servlet exposure.
- Shodan queries 'title:"JBoss"' or 'http.title:"jboss"' can identify exposed JBoss EAP instances potentially vulnerable to this status servlet information disclosure.
- Unauthenticated access to the JBoss status servlet exposes JVM memory stats, deployed web context paths, GET parameters, and client IP addresses; monitor for unauthenticated requests to /status with the full=true parameter.
- The vulnerability was re-introduced by a bug fix in JBoss EAP 4.2.0.CP06 and 4.3.0.CP04; focus detection on those specific version ranges (4.2 before CP09, 4.3 before CP08).
- The Metasploit jboss_status module was tested against specific JBoss versions; coverage may not extend to all affected releases.
- This CVE is a regression of CVE-2008-3273; environments that previously patched CVE-2008-3273 via CP03/CP01 but then applied the CP06/CP04 updates may have re-introduced the vulnerability without being aware of it.
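The first and third indicators above can be checked from ordinary web-server access logs. The following is an added example, not part of the original page or of any listed tool: it parses constructed combined-format log lines (the hostnames, IPs and timestamps are made up) and ranks hits on the status servlet, with a full=true request answered by HTTP 200 as the strongest signal.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample lines in combined log format (not real traffic); the
# first one is the pattern the page describes: /status?full=true answered 200.
SAMPLE_LOG = """\
203.0.113.7 - - [28/Apr/2010:10:01:02 +0000] "GET /status?full=true HTTP/1.1" 200 18342 "-" "Mozilla/5.0"
203.0.113.7 - - [28/Apr/2010:10:01:05 +0000] "GET /status HTTP/1.1" 200 2210 "-" "Mozilla/5.0"
198.51.100.4 - - [28/Apr/2010:10:02:11 +0000] "GET /app/index.jsp HTTP/1.1" 200 512 "-" "curl/7.19"
198.51.100.4 - - [28/Apr/2010:10:02:12 +0000] "GET /status?full=true HTTP/1.1" 403 0 "-" "curl/7.19"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

def parse_line(line):
    m = LOG_RE.match(line)
    if not m:
        return None  # not a combined-format line; ignore it
    rec = m.groupdict()
    parts = urlsplit(rec["target"])
    rec["path"] = parts.path
    # Lower-case keys and values so FULL=TRUE is treated like full=true.
    rec["query"] = {k.lower(): [v.lower() for v in vs] for k, vs in parse_qs(parts.query).items()}
    rec["status"] = int(rec["status"])
    return rec

def classify(rec):
    """Label a parsed request against the status-servlet indicators, or None."""
    if rec is None or not rec["path"].rstrip("/").endswith("/status"):
        return None
    full_true = "true" in rec["query"].get("full", [])
    if full_true and rec["status"] == 200:
        return "status-servlet-full-disclosure"  # served: deployed contexts likely leaked
    if full_true:
        return "status-servlet-full-probe"       # requested but refused (e.g. 403)
    if rec["status"] == 200:
        return "status-servlet-exposed"          # reachable even without full=true
    return None

def scan(log_text):
    """Return (ip, timestamp, status, label) for every line matching an indicator."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        label = classify(rec)
        if label:
            findings.append((rec["ip"], rec["ts"], rec["status"], label))
    return findings
```

On the sample input this yields three findings; the index.jsp line is ignored, and the 403 is reported as a probe rather than a disclosure.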
CVSS provenance
nvd · v2.0 · 5.0 MEDIUM · AV:N/AC:L/Au:N/C:P/I:N/A:N
vendor_redhat · 5.0 MEDIUM
GHSA
GHSA-x26p-67q3-4mfx: Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4
ghsa_unreviewed · 2022-05-02 · CVSS 5.0
Description: same as the NVD description above.
Red Hat
JBossEAP status servlet info leak
vendor_redhat · 2010-04-26 · CVSS 5.0
Description: same as the NVD description above.
No detection rules found.
Metasploit
JBoss Vulnerability Scanner
This module scans a JBoss instance for a few vulnerabilities.
Metasploit
JBoss Status Servlet Information Gathering
This module queries the JBoss status servlet to collect sensitive information, including URL paths, GET parameters and client IP addresses. This module has been tested against JBoss 4.0, 4.2.2 and 4.2.3.
Nuclei
Red Hat JBoss Enterprise Application Platform - Sensitive Information Disclosure
nuclei · CVSS 5.0
Red Hat JBoss Enterprise Application Platform 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 is susceptible to sensitive information disclosure. A remote attacker can obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression.
Template:
```yaml
id: CVE-2010-1429

info:
  name: Red Hat JBoss Enterprise Application Platform - Sensitive Information Disclosure
  author: R12W4N
  severity: medium
  description: |
    Red Hat JBoss Enterprise Application Platform 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 is susceptible to sensitive information disclosure. A remote attacker can obtain
```
HackerOne
CVE-2010-1429 JBoss Insecure Storage of Sensitive Information on ips.mtn.co.ug
hackerone · 2024-08-30 · CVSS 5.0
## Summary:
Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string. This issue exists because of a CVE-2008-3273 regression. By requesting the Status param and setting its value to true, JBoss will print sensitive information such as Memory used / Total Memory / Client IP address.
## Proof of concept
1. Navigate / intercept / visit the host server at https://h30f.n1.ips.mtn.co.ug/status?full=true
2. You can see that sensitive information has been exposed on the page
3. Below, the vulnerable code:
```java
#inc
```
Bugzilla
CVE-2010-1429 JBossEAP status servlet info leak
bugzilla · 2010-04-26 · CVSS 5.0
The JBoss Enterprise Application Platform 4.2.0.CP03 and 4.3.0.CP01 updates for Red Hat Enterprise Linux 4 and 5 fixed an issue (CVE-2008-3273) where unauthenticated users were able to access the status servlet; however, a bug fix included in the 4.2.0.CP06 and 4.3.0.CP04 updates re-introduced the issue.
A remote attacker could use this flaw to acquire details about deployed web contexts.
Discussion:
This issue has been addressed in the following products:
JBEAP 4.2.0 for RHEL 4
Via RHSA-2010:0376 https://rhn.redhat.com/errata/RHSA-2010-0376.html
---
This issue has been addressed in the following products:
JBEAP 4.3.0 for RHEL 4
Via RHSA-2010:0377 https://rhn.redhat.com/errata/RHSA-2010-0377.html
---
This issue has been addressed in follo
References
- http://marc.info/?l=bugtraq&m=132698550418872&w=2
- http://secunia.com/advisories/39563
- http://securitytracker.com/id?1023918
- http://www.securityfocus.com/bid/39710
- http://www.vupen.com/english/advisories/2010/0992
- https://bugzilla.redhat.com/show_bug.cgi?id=585900
- https://exchange.xforce.ibmcloud.com/vulnerabilities/58149
- https://rhn.redhat.com/errata/RHSA-2010-0376.html
- https://rhn.redhat.com/errata/RHSA-2010-0377.html
- https://rhn.redhat.com/errata/RHSA-2010-0378.html
- https://rhn.redhat.com/errata/RHSA-2010-0379.html
- https://www.exploit-db.com/exploits/44009/