{"api_version":"1","generated_at":"2026-04-26T09:23:33+00:00","cve":"CVE-2010-0738","urls":{"html":"https://cve.report/CVE-2010-0738","api":"https://cve.report/api/cve/CVE-2010-0738.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2010-0738","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2010-0738"},"summary":{"title":"CVE-2010-0738","description":"The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method.","state":"PUBLISHED","assigner":"redhat","published_at":"2010-04-28 22:30:00","updated_at":"2026-04-22 14:37:41"},"problem_types":["NVD-CWE-noinfo","CWE-749","n/a","CWE-749 CWE-749 Exposed Dangerous Method or Function"],"metrics":[{"version":"3.1","source":"nvd@nist.gov","type":"Primary","score":"5.3","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"}},{"version":"3.1","source":"ADP","type":"DECLARED","score":"5.3","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":5.3,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","version":"3.1"}},{"version":"3.1","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","score":"5.3","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"}},{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"5","severity":"","vector":"AV:N/AC:L/Au:N/C:P/I:N/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"}}],"references":[{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/58147","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/58147","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://rhn.redhat.com/errata/RHSA-2010-0377.html","name":"https://rhn.redhat.com/errata/RHSA-2010-0377.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"],"title":"rhn.redhat.com | Red Hat Support","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://secunia.com/advisories/39563","name":"http://secunia.com/advisories/39563","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Vendor Advisory"],"title":"Red Hat JBoss Enterprise Application Platform Three Security Issues - Advisories - Community","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://rhn.redhat.com/errata/RHSA-2010-0378.html","name":"https://rhn.redhat.com/errata/RHSA-2010-0378.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"],"title":"rhn.redhat.com | Red Hat Support","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://marc.info/?l=bugtraq&m=132129312609324&w=2","name":"http://marc.info/?l=bugtraq&m=132129312609324&w=2","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List"],"title":"'[security bulletin] HPSBMU02714 SSRT100244 rev.2 - HP Network Node Manager i (NNMi) for HP-UX, Linux' - MARC","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2010/0992","name":"http://www.vupen.com/english/advisories/2010/0992","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Vendor Advisory"],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-0738","name":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-0738","refsource":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=574105","name":"https://bugzilla.redhat.com/show_bug.cgi?id=574105","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"],"title":"Bug 574105 – CVE-2010-0738 JBoss EAP jmx authentication bypass with crafted HTTP request","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/39710","name":"http://www.securityfocus.com/bid/39710","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory","VDB Entry"],"title":"JBoss Enterprise Application Platform Multiple Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://rhn.redhat.com/errata/RHSA-2010-0376.html","name":"https://rhn.redhat.com/errata/RHSA-2010-0376.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"],"title":"rhn.redhat.com | Red Hat Support","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=35","name":"http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=35","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"Vulnerability Report - JMX-Console in JBoss AS is vulnerable to attack","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://rhn.redhat.com/errata/RHSA-2010-0379.html","name":"https://rhn.redhat.com/errata/RHSA-2010-0379.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"rhn.redhat.com | Red Hat Support","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://securitytracker.com/id?1023918","name":"http://securitytracker.com/id?1023918","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory","VDB Entry"],"title":"SecurityTracker.com Archives - JBoss Enterprise Application Platform Bugs Let Remote Users Bypass Authentication and Access Potentially Sensitive Information","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://securityreason.com/securityalert/8408","name":"http://securityreason.com/securityalert/8408","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"],"title":"JBoss, JMX Console, misconfigured DeploymentScanner  - SecurityReason.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2010:0376","name":"MISC:https://access.redhat.com/errata/RHSA-2010:0376","refsource":"MITRE","tags":[],"title":"Red Hat Customer Portal - Access to 24x7 support and knowledge","mime":"text/html","httpstatus":"404","archivestatus":"404"},{"url":"https://access.redhat.com/errata/RHSA-2010:0377","name":"MISC:https://access.redhat.com/errata/RHSA-2010:0377","refsource":"MITRE","tags":[],"title":"Red Hat Customer Portal - Access to 24x7 support and knowledge","mime":"text/html","httpstatus":"404","archivestatus":"404"},{"url":"https://access.redhat.com/errata/RHSA-2010:0378","name":"MISC:https://access.redhat.com/errata/RHSA-2010:0378","refsource":"MITRE","tags":[],"title":"Red Hat Customer Portal - Access to 24x7 support and knowledge","mime":"text/html","httpstatus":"404","archivestatus":"404"},{"url":"https://access.redhat.com/errata/RHSA-2010:0379","name":"MISC:https://access.redhat.com/errata/RHSA-2010:0379","refsource":"MITRE","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/kb/docs/DOC-30741","name":"MISC:https://access.redhat.com/kb/docs/DOC-30741","refsource":"MITRE","tags":[],"title":"CVE-2010-0738 and JBoss Products - Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://access.redhat.com/security/cve/CVE-2010-0738","name":"MISC:https://access.redhat.com/security/cve/CVE-2010-0738","refsource":"MITRE","tags":[],"title":"CVE-2010-0738 - Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2010-0738","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2010-0738","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[{"source":"ADP","time":"2022-05-25T00:00:00.000Z","lang":"en","value":"CVE-2010-0738 added to CISA KEV"}],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2010","cve_id":"738","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"jboss_enterprise_application_platform","cpe6":"4.2.0","cpe7":"-","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"738","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"jboss_enterprise_application_platform","cpe6":"4.3.0","cpe7":"-","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":{"cve_year":"2010","cve_id":"738","cve":"CVE-2010-0738","vendorProject":"Red Hat","product":"JBoss","vulnerabilityName":"Red Hat JBoss Authentication Bypass Vulnerability","dateAdded":"2022-05-25","shortDescription":"The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method.","requiredAction":"Apply updates per vendor instructions.","dueDate":"2022-06-15","knownRansomwareCampaignUse":"Known","notes":"https://nvd.nist.gov/vuln/detail/CVE-2010-0738","cwes":"CWE-264","catalogVersion":"2026.04.24","updated_at":"2026-04-24 17:59:33"},"epss":{"cve_year":"2010","cve_id":"738","cve":"CVE-2010-0738","epss":"0.915230000","percentile":"0.996770000","score_date":"2026-04-25","updated_at":"2026-04-26 00:00:22"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T00:59:38.958Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"RHSA-2010:0379","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://rhn.redhat.com/errata/RHSA-2010-0379.html"},{"name":"RHSA-2010:0378","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://rhn.redhat.com/errata/RHSA-2010-0378.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=574105"},{"name":"RHSA-2010:0376","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://rhn.redhat.com/errata/RHSA-2010-0376.html"},{"name":"8408","tags":["third-party-advisory","x_refsource_SREASON","x_transferred"],"url":"http://securityreason.com/securityalert/8408"},{"name":"RHSA-2010:0377","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://rhn.redhat.com/errata/RHSA-2010-0377.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=35"},{"name":"ADV-2010-0992","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2010/0992"},{"name":"HPSBMU02714","tags":["vendor-advisory","x_refsource_HP","x_transferred"],"url":"http://marc.info/?l=bugtraq&m=132129312609324&w=2"},{"name":"jboss-jmxconsole-security-bypass(58147)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/58147"},{"name":"SSRT100244","tags":["vendor-advisory","x_refsource_HP","x_transferred"],"url":"http://marc.info/?l=bugtraq&m=132129312609324&w=2"},{"name":"39710","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/39710"},{"name":"39563","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/39563"},{"name":"1023918","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://securitytracker.com/id?1023918"}],"title":"CVE Program Container"},{"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":5.3,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","version":"3.1"}},{"other":{"content":{"id":"CVE-2010-0738","options":[{"Exploitation":"active"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2025-02-07T13:23:07.402575Z","version":"2.0.3"},"type":"ssvc"}},{"other":{"content":{"dateAdded":"2022-05-25","reference":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-0738"},"type":"kev"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-749","description":"CWE-749 Exposed Dangerous Method or Function","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2025-10-22T00:05:52.604Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"references":[{"tags":["government-resource"],"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-0738"}],"timeline":[{"lang":"en","time":"2022-05-25T00:00:00.000Z","value":"CVE-2010-0738 added to CISA KEV"}],"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2010-04-26T00:00:00.000Z","descriptions":[{"lang":"en","value":"The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-08-16T14:57:01.000Z","orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat"},"references":[{"name":"RHSA-2010:0379","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://rhn.redhat.com/errata/RHSA-2010-0379.html"},{"name":"RHSA-2010:0378","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://rhn.redhat.com/errata/RHSA-2010-0378.html"},{"tags":["x_refsource_CONFIRM"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=574105"},{"name":"RHSA-2010:0376","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://rhn.redhat.com/errata/RHSA-2010-0376.html"},{"name":"8408","tags":["third-party-advisory","x_refsource_SREASON"],"url":"http://securityreason.com/securityalert/8408"},{"name":"RHSA-2010:0377","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://rhn.redhat.com/errata/RHSA-2010-0377.html"},{"tags":["x_refsource_CONFIRM"],"url":"http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=35"},{"name":"ADV-2010-0992","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2010/0992"},{"name":"HPSBMU02714","tags":["vendor-advisory","x_refsource_HP"],"url":"http://marc.info/?l=bugtraq&m=132129312609324&w=2"},{"name":"jboss-jmxconsole-security-bypass(58147)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/58147"},{"name":"SSRT100244","tags":["vendor-advisory","x_refsource_HP"],"url":"http://marc.info/?l=bugtraq&m=132129312609324&w=2"},{"name":"39710","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/39710"},{"name":"39563","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/39563"},{"name":"1023918","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://securitytracker.com/id?1023918"}]}},"cveMetadata":{"assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","assignerShortName":"redhat","cveId":"CVE-2010-0738","datePublished":"2010-04-28T22:00:00.000Z","dateReserved":"2010-02-26T00:00:00.000Z","dateUpdated":"2025-10-22T00:05:52.604Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2010-04-28 22:30:00","lastModifiedDate":"2026-04-22 14:37:41","problem_types":["NVD-CWE-noinfo","CWE-749","n/a","CWE-749 CWE-749 Exposed Dangerous Method or Function"],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:-:*:*:*:*:*:*","matchCriteriaId":"0D3EADF4-5496-4F5F-B0A6-DBF959C4D7B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:-:*:*:*:*:*:*","matchCriteriaId":"FE2A6BEF-2917-437C-A1D5-EE1601FC0A5F"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2010","CveId":"738","Ordinal":"1","Title":"CVE-2010-0738","CVE":"CVE-2010-0738","Year":"2010"},"notes":[{"CveYear":"2010","CveId":"738","Ordinal":"1","NoteData":"The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method.","Type":"Description","Title":"CVE-2010-0738"},{"CveYear":"2010","CveId":"738","Ordinal":"2","NoteData":"2010-04-28","Type":"Other","Title":"Published"},{"CveYear":"2010","CveId":"738","Ordinal":"3","NoteData":"2017-08-16","Type":"Other","Title":"Modified"}]}}}