CVE-2010-1429
28.04.2010, 22:30
Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression.Enginsight
| Vendor | Product | Version |
|---|---|---|
| redhat | jboss_enterprise_application_platform | 𝑥 ≤ 4.2.0 |
| redhat | jboss_enterprise_application_platform | 𝑥 ≤ 4.3.0 |
| redhat | jboss_enterprise_application_platform | 4.2 |
| redhat | jboss_enterprise_application_platform | 4.2.0:cp01 |
| redhat | jboss_enterprise_application_platform | 4.2.0:cp02 |
| redhat | jboss_enterprise_application_platform | 4.2.0:cp03 |
| redhat | jboss_enterprise_application_platform | 4.2.0:cp04 |
| redhat | jboss_enterprise_application_platform | 4.2.0:cp05 |
| redhat | jboss_enterprise_application_platform | 4.2.0:cp06 |
| redhat | jboss_enterprise_application_platform | 4.2.0:cp07 |
| redhat | jboss_enterprise_application_platform | 4.3 |
| redhat | jboss_enterprise_application_platform | 4.3.0:cp01 |
| redhat | jboss_enterprise_application_platform | 4.3.0:cp02 |
| redhat | jboss_enterprise_application_platform | 4.3.0:cp03 |
| redhat | jboss_enterprise_application_platform | 4.3.0:cp04 |
| redhat | jboss_enterprise_application_platform | 4.3.0:cp05 |
| redhat | jboss_enterprise_application_platform | 4.3.0:cp06 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References