Vulnerability — CVE-2010-1428

CVE-2010-1428

Reference to the description:: https://nvd.nist.gov/vuln/detail/CVE-2010-1428
Description:: The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to obtain sensitive information via an unspecified request that uses a different method.
Last updated date:: 06/28/2024

ACTIVELY EXPLOITED

Type:: exploitation
Confidence:: HIGH
Date of publishing:: 05/02/2018
Reference url to background: https://news.sophos.com/en-us/2018/05/02/shutting-out-samsam-ransomware/

Type:: exploitation
Confidence:: HIGH
Date of publishing:: 05/25/2022
Reference url to background: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Type:: exploit
Confidence:: HIGH
Date of publishing:: 01/28/2021
Reference url to background: https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/jboss_vulnscan.rb

Type:: exploit
Confidence:: HIGH
Date of publishing:: 06/28/2024
Reference url to background: http://marc.info/?l=bugtraq&m=132698550418872&w=2