The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Computer Associates ControlMinder

vulnerability bulletin CVE-2010-0738 CVE-2010-1428 CVE-2010-1429

JBoss Enterprise Application Platform: three vulnerabilities

Synthesis of the vulnerability

An attacker can use three vulnerabilities of JBoss Enterprise Application Platform, in order to access to the console or to obtain sensitive information.
Impacted products: ControlMinder, HPE BAC, HPE BSM, HPE NNMi, Junos Space, Junos Space Network Management Platform, RHEL, JBoss EAP by Red Hat.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights, data reading.
Provenance: document.
Number of vulnerabilities in this bulletin: 3.
Creation date: 27/04/2010.
Identifiers: BID-39710, c03057508, c03127140, c03824583, CA20130213-01, CERTA-2013-AVI-440, CVE-2010-0738, CVE-2010-1428, CVE-2010-1429, HPSBMU02714, HPSBMU02736, HPSBMU02894, RHSA-2010:0376-01, RHSA-2010:0377-01, RHSA-2010:0378-01, RHSA-2010:0379-01, SSRT100244, SSRT100699, VIGILANCE-VUL-9613.

Description of the vulnerability

Three vulnerabilities were announced in JBoss Enterprise Application Platform.

An attacker can use an HTTP query different from GET/POST in order to access to the JMX Console. [severity:3/4; CVE-2010-0738]

An attacker can use an HTTP query different from GET/POST in order to access to the Web Console (/web-console). [severity:3/4; CVE-2010-1428]

An attacker can access to the status servlet, in order to obtain sensitive information. [severity:2/4; CVE-2010-1429]
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.