{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-04-26T00:00:00", "descriptions": [{"lang": "en", "value": "The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "RHSA-2010:0379", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://rhn.redhat.com/errata/RHSA-2010-0379.html"}, {"name": "RHSA-2010:0378", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://rhn.redhat.com/errata/RHSA-2010-0378.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=574105"}, {"name": "RHSA-2010:0376", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://rhn.redhat.com/errata/RHSA-2010-0376.html"}, {"name": "8408", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/8408"}, {"name": "RHSA-2010:0377", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://rhn.redhat.com/errata/RHSA-2010-0377.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=35"}, {"name": "ADV-2010-0992", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/0992"}, {"name": "HPSBMU02714", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=132129312609324&w=2"}, {"name": "jboss-jmxconsole-security-bypass(58147)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58147"}, {"name": "SSRT100244", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=132129312609324&w=2"}, {"name": "39710", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/39710"}, {"name": "39563", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/39563"}, {"name": "1023918", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1023918"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T00:59:38.958Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2010:0379", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://rhn.redhat.com/errata/RHSA-2010-0379.html"}, {"name": "RHSA-2010:0378", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://rhn.redhat.com/errata/RHSA-2010-0378.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=574105"}, {"name": "RHSA-2010:0376", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://rhn.redhat.com/errata/RHSA-2010-0376.html"}, {"name": "8408", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/8408"}, {"name": "RHSA-2010:0377", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://rhn.redhat.com/errata/RHSA-2010-0377.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=35"}, {"name": "ADV-2010-0992", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/0992"}, {"name": "HPSBMU02714", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=132129312609324&w=2"}, {"name": "jboss-jmxconsole-security-bypass(58147)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58147"}, {"name": "SSRT100244", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=132129312609324&w=2"}, {"name": "39710", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/39710"}, {"name": "39563", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/39563"}, {"name": "1023918", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1023918"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-0738", "datePublished": "2010-04-28T22:00:00", "dateReserved": "2010-02-26T00:00:00", "dateUpdated": "2024-08-07T00:59:38.958Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"cisaActionDue": "2022-06-15", "cisaExploitAdd": "2022-05-25", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Red Hat JBoss Authentication Bypass Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:-:*:*:*:*:*:*", "matchCriteriaId": "0D3EADF4-5496-4F5F-B0A6-DBF959C4D7B9", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:-:*:*:*:*:*:*", "matchCriteriaId": "FE2A6BEF-2917-437C-A1D5-EE1601FC0A5F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method."}, {"lang": "es", "value": "La aplicaci\u00f3n web JMX-Console en JBossAs en Red Hat JBoss Enterprise Application Platform (conocido como JBoss EAP o JBEAP) v4.2 anterior v4.2.0.CP09 y v4.3 anterior v4.3.0.CP08 realiza un control de acceso s\u00f3lo para los m\u00e9todos GET y POST, lo que permite a a atacantes remotos enviar peticiones en el manejador GET de la aplicaci\u00f3n que usan un m\u00e9todo diferente. \r\n"}], "id": "CVE-2010-0738", "lastModified": "2024-06-28T17:29:24.133", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2010-04-28T22:30:00.447", "references": [{"source": "secalert@redhat.com", "tags": ["Exploit", "Mailing List"], "url": "http://marc.info/?l=bugtraq&m=132129312609324&w=2"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=35"}, {"source": "secalert@redhat.com", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://secunia.com/advisories/39563"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://securityreason.com/securityalert/8408"}, {"source": "secalert@redhat.com", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://securitytracker.com/id?1023918"}, {"source": "secalert@redhat.com", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/39710"}, {"source": "secalert@redhat.com", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2010/0992"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=574105"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58147"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "https://rhn.redhat.com/errata/RHSA-2010-0376.html"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "https://rhn.redhat.com/errata/RHSA-2010-0377.html"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "https://rhn.redhat.com/errata/RHSA-2010-0378.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://rhn.redhat.com/errata/RHSA-2010-0379.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Giorgio Fedon (Minded Security) and Stefano Di Paola (Minded Security) for reporting this issue.", "affected_release": [{"advisory": "RHSA-2010:0376", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2010-04-27T00:00:00Z"}, {"advisory": "RHSA-2010:0376", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2010-04-27T00:00:00Z"}, {"advisory": "RHSA-2010:0376", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2010-04-27T00:00:00Z"}, {"advisory": "RHSA-2010:0376", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jacorb-0:2.3.0-1jpp.ep1.10.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2010-04-27T00:00:00Z"}, {"advisory": "RHSA-2010:0376", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2010-04-27T00:00:00Z"}, {"advisory": "RHSA-2010:0376", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2010-04-27T00:00:00Z"}, {"advisory": "RHSA-2010:0376", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2010-04-27T00:00:00Z"}, {"advisory": "RHSA-2010:0376", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2010-04-27T00:00:00Z"}, {"advisory": "RHSA-2010:0376", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2010-04-27T00:00:00Z"}, {"advisory": "RHSA-2010:0376", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jboss-seam-0:1.2.1-1.ep1.24.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2010-04-27T00:00:00Z"}, {"advisory": "RHSA-2010:0376", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2010-04-27T00:00:00Z"}, {"advisory": "RHSA-2010:0376", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2010-04-27T00:00:00Z"}, {"advisory": "RHSA-2010:0376", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2010-04-27T00:00:00Z"}, {"advisory": "RHSA-2010:0378", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2010-04-27T00:00:00Z"}, {"advisory": "RHSA-2010:0378", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2010-04-27T00:00:00Z"}, {"advisory": "RHSA-2010:0378", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jacorb-0:2.3.0-1jpp.ep1.10.1.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2010-04-27T00:00:00Z"}, {"advisory": "RHSA-2010:0378", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2010-04-27T00:00:00Z"}, {"advisory": "RHSA-2010:0378", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2010-04-27T00:00:00Z"}, {"advisory": "RHSA-2010:0378", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2010-04-27T00:00:00Z"}, {"advisory": "RHSA-2010:0378", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2010-04-27T00:00:00Z"}, {"advisory": "RHSA-2010:0378", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jboss-seam-0:1.2.1-1.ep1.24.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2010-04-27T00:00:00Z"}, {"advisory": "RHSA-2010:0378", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2010-04-27T00:00:00Z"}, {"advisory": "RHSA-2010:0378", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2010-04-27T00:00:00Z"}, {"advisory": "RHSA-2010:0378", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2010-04-27T00:00:00Z"}, {"advisory": "RHSA-2010:0377", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2010-04-27T00:00:00Z"}, {"advisory": "RHSA-2010:0377", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2010-04-27T00:00:00Z"}, {"advisory": "RHSA-2010:0377", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2010-04-27T00:00:00Z"}, {"advisory": "RHSA-2010:0377", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jacorb-0:2.3.0-1jpp.ep1.10.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2010-04-27T00:00:00Z"}, {"advisory": "RHSA-2010:0377", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2010-04-27T00:00:00Z"}, {"advisory": "RHSA-2010:0377", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2010-04-27T00:00:00Z"}, {"advisory": "RHSA-2010:0377", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2010-04-27T00:00:00Z"}, {"advisory": "RHSA-2010:0377", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2010-04-27T00:00:00Z"}, {"advisory": "RHSA-2010:0377", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2010-04-27T00:00:00Z"}, {"advisory": "RHSA-2010:0377", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2010-04-27T00:00:00Z"}, {"advisory": "RHSA-2010:0377", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2010-04-27T00:00:00Z"}, {"advisory": "RHSA-2010:0377", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2010-04-27T00:00:00Z"}, {"advisory": "RHSA-2010:0377", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2010-04-27T00:00:00Z"}, {"advisory": "RHSA-2010:0377", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2010-04-27T00:00:00Z"}, {"advisory": "RHSA-2010:0377", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2010-04-27T00:00:00Z"}, {"advisory": "RHSA-2010:0377", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2010-04-27T00:00:00Z"}, {"advisory": "RHSA-2010:0379", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2010-04-27T00:00:00Z"}, {"advisory": "RHSA-2010:0379", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2010-04-27T00:00:00Z"}, {"advisory": "RHSA-2010:0379", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jacorb-0:2.3.0-1jpp.ep1.10.1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2010-04-27T00:00:00Z"}, {"advisory": "RHSA-2010:0379", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2010-04-27T00:00:00Z"}, {"advisory": "RHSA-2010:0379", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2010-04-27T00:00:00Z"}, {"advisory": "RHSA-2010:0379", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2010-04-27T00:00:00Z"}, {"advisory": "RHSA-2010:0379", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2010-04-27T00:00:00Z"}, {"advisory": "RHSA-2010:0379", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2010-04-27T00:00:00Z"}, {"advisory": "RHSA-2010:0379", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2010-04-27T00:00:00Z"}, {"advisory": "RHSA-2010:0379", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2010-04-27T00:00:00Z"}, {"advisory": "RHSA-2010:0379", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2010-04-27T00:00:00Z"}, {"advisory": "RHSA-2010:0379", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2010-04-27T00:00:00Z"}, {"advisory": "RHSA-2010:0379", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2010-04-27T00:00:00Z"}, {"advisory": "RHSA-2010:0379", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2010-04-27T00:00:00Z"}], "bugzilla": {"description": "JBoss EAP jmx authentication bypass with crafted HTTP request", "id": "574105", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=574105"}, "csaw": false, "cvss": {"cvss_base_score": "7.5", "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "status": "verified"}, "cwe": "CWE-284", "details": ["The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method."], "name": "CVE-2010-0738", "public_date": "2010-04-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2010-0738\nhttps://nvd.nist.gov/vuln/detail/CVE-2010-0738\nhttps://access.redhat.com/kb/docs/DOC-30741\nhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog"], "threat_severity": "Critical"}