CVE-2010-1428 - Red Hat JBoss Information Disclosure Vulnerability
Project:Red Hat
Product:JBoss
Date Added:2022-05-25Due Date:2022-06-15
Vulnerability Name
Red Hat JBoss Information Disclosure Vulnerability
Description
Unauthenticated access to the JBoss Application Server Web Console (/web-console) is blocked by default. However, it was found that this block was incomplete, and only blocked GET and POST HTTP verbs. A remote attacker could use this flaw to gain access to sensitive information.
Known To Be Used in Ransomware Campaigns?
Known
Action
Apply updates per vendor instructions.
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2010-1428