{"api_version":"1","generated_at":"2026-04-26T00:54:48+00:00","cve":"CVE-2010-1428","urls":{"html":"https://cve.report/CVE-2010-1428","api":"https://cve.report/api/cve/CVE-2010-1428.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2010-1428","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2010-1428"},"summary":{"title":"CVE-2010-1428","description":"The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to obtain sensitive information via an unspecified request that uses a different method.","state":"PUBLISHED","assigner":"redhat","published_at":"2010-04-28 22:30:00","updated_at":"2026-04-22 14:37:55"},"problem_types":["NVD-CWE-noinfo","CWE-749","n/a","CWE-749 CWE-749 Exposed Dangerous Method or Function"],"metrics":[{"version":"3.1","source":"nvd@nist.gov","type":"Primary","score":"7.5","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"}},{"version":"3.1","source":"ADP","type":"DECLARED","score":"7.5","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","version":"3.1"}},{"version":"3.1","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","score":"7.5","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"}},{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"5","severity":"","vector":"AV:N/AC:L/Au:N/C:P/I:N/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"}}],"references":[{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/58148","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/58148","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://rhn.redhat.com/errata/RHSA-2010-0377.html","name":"https://rhn.redhat.com/errata/RHSA-2010-0377.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"],"title":"rhn.redhat.com | Red Hat Support","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://secunia.com/advisories/39563","name":"http://secunia.com/advisories/39563","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Vendor Advisory"],"title":"Red Hat JBoss Enterprise Application Platform Three Security Issues - Advisories - Community","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://rhn.redhat.com/errata/RHSA-2010-0378.html","name":"https://rhn.redhat.com/errata/RHSA-2010-0378.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"],"title":"rhn.redhat.com | Red Hat Support","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2010/0992","name":"http://www.vupen.com/english/advisories/2010/0992","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Vendor Advisory"],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/39710","name":"http://www.securityfocus.com/bid/39710","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory","VDB Entry"],"title":"JBoss Enterprise Application Platform Multiple Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://marc.info/?l=bugtraq&m=132698550418872&w=2","name":"http://marc.info/?l=bugtraq&m=132698550418872&w=2","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List"],"title":"'[security bulletin] HPSBMU02736 SSRT100699 rev.1 - HP Business Availability Center (BAC) and Busines' - MARC","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://rhn.redhat.com/errata/RHSA-2010-0376.html","name":"https://rhn.redhat.com/errata/RHSA-2010-0376.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Vendor Advisory"],"title":"rhn.redhat.com | Red Hat Support","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-1428","name":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-1428","refsource":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Broken Link"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://rhn.redhat.com/errata/RHSA-2010-0379.html","name":"https://rhn.redhat.com/errata/RHSA-2010-0379.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"rhn.redhat.com | Red Hat Support","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://securitytracker.com/id?1023917","name":"http://securitytracker.com/id?1023917","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory","VDB Entry"],"title":"SecurityTracker.com Archives - JBoss Application Server Web Console Flaw Lets Remote Users Bypass Authentication","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=585899","name":"https://bugzilla.redhat.com/show_bug.cgi?id=585899","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"],"title":"Bug 585899 – CVE-2010-1428 JBoss Application Server Web Console Authentication bypass","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2010-1428","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2010-1428","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[{"source":"ADP","time":"2022-05-25T00:00:00.000Z","lang":"en","value":"CVE-2010-1428 added to CISA KEV"}],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2010","cve_id":"1428","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"jboss_enterprise_application_platform","cpe6":"4.2.0","cpe7":"-","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"1428","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"jboss_enterprise_application_platform","cpe6":"4.3.0","cpe7":"-","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":{"cve_year":"2010","cve_id":"1428","cve":"CVE-2010-1428","vendorProject":"Red Hat","product":"JBoss","vulnerabilityName":"Red Hat JBoss Information Disclosure Vulnerability","dateAdded":"2022-05-25","shortDescription":"Unauthenticated access to the JBoss Application Server Web Console (/web-console) is blocked by default. However, it was found that this block was incomplete, and only blocked GET and POST HTTP verbs. A remote attacker could use this flaw to gain access to sensitive information.","requiredAction":"Apply updates per vendor instructions.","dueDate":"2022-06-15","knownRansomwareCampaignUse":"Known","notes":"https://nvd.nist.gov/vuln/detail/CVE-2010-1428","cwes":"CWE-264","catalogVersion":"2026.04.24","updated_at":"2026-04-24 17:59:33"},"epss":{"cve_year":"2010","cve_id":"1428","cve":"CVE-2010-1428","epss":"0.676110000","percentile":"0.985870000","score_date":"2026-04-25","updated_at":"2026-04-26 00:00:22"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T01:21:19.108Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"RHSA-2010:0379","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://rhn.redhat.com/errata/RHSA-2010-0379.html"},{"name":"RHSA-2010:0378","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://rhn.redhat.com/errata/RHSA-2010-0378.html"},{"name":"jboss-webconsole-information-disclosure(58148)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/58148"},{"name":"HPSBMU02736","tags":["vendor-advisory","x_refsource_HP","x_transferred"],"url":"http://marc.info/?l=bugtraq&m=132698550418872&w=2"},{"name":"RHSA-2010:0376","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://rhn.redhat.com/errata/RHSA-2010-0376.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=585899"},{"name":"RHSA-2010:0377","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://rhn.redhat.com/errata/RHSA-2010-0377.html"},{"name":"SSRT100699","tags":["vendor-advisory","x_refsource_HP","x_transferred"],"url":"http://marc.info/?l=bugtraq&m=132698550418872&w=2"},{"name":"ADV-2010-0992","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2010/0992"},{"name":"1023917","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://securitytracker.com/id?1023917"},{"name":"39710","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/39710"},{"name":"39563","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/39563"}],"title":"CVE Program Container"},{"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","version":"3.1"}},{"other":{"content":{"id":"CVE-2010-1428","options":[{"Exploitation":"active"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2025-02-07T13:23:24.770044Z","version":"2.0.3"},"type":"ssvc"}},{"other":{"content":{"dateAdded":"2022-05-25","reference":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-1428"},"type":"kev"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-749","description":"CWE-749 Exposed Dangerous Method or Function","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2025-10-22T00:05:52.450Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"references":[{"tags":["government-resource"],"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-1428"}],"timeline":[{"lang":"en","time":"2022-05-25T00:00:00.000Z","value":"CVE-2010-1428 added to CISA KEV"}],"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2010-04-26T00:00:00.000Z","descriptions":[{"lang":"en","value":"The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to obtain sensitive information via an unspecified request that uses a different method."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-08-16T14:57:01.000Z","orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat"},"references":[{"name":"RHSA-2010:0379","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://rhn.redhat.com/errata/RHSA-2010-0379.html"},{"name":"RHSA-2010:0378","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://rhn.redhat.com/errata/RHSA-2010-0378.html"},{"name":"jboss-webconsole-information-disclosure(58148)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/58148"},{"name":"HPSBMU02736","tags":["vendor-advisory","x_refsource_HP"],"url":"http://marc.info/?l=bugtraq&m=132698550418872&w=2"},{"name":"RHSA-2010:0376","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://rhn.redhat.com/errata/RHSA-2010-0376.html"},{"tags":["x_refsource_CONFIRM"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=585899"},{"name":"RHSA-2010:0377","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://rhn.redhat.com/errata/RHSA-2010-0377.html"},{"name":"SSRT100699","tags":["vendor-advisory","x_refsource_HP"],"url":"http://marc.info/?l=bugtraq&m=132698550418872&w=2"},{"name":"ADV-2010-0992","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2010/0992"},{"name":"1023917","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://securitytracker.com/id?1023917"},{"name":"39710","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/39710"},{"name":"39563","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/39563"}]}},"cveMetadata":{"assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","assignerShortName":"redhat","cveId":"CVE-2010-1428","datePublished":"2010-04-28T22:00:00.000Z","dateReserved":"2010-04-15T00:00:00.000Z","dateUpdated":"2025-10-22T00:05:52.450Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2010-04-28 22:30:00","lastModifiedDate":"2026-04-22 14:37:55","problem_types":["NVD-CWE-noinfo","CWE-749","n/a","CWE-749 CWE-749 Exposed Dangerous Method or Function"],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:-:*:*:*:*:*:*","matchCriteriaId":"0D3EADF4-5496-4F5F-B0A6-DBF959C4D7B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:-:*:*:*:*:*:*","matchCriteriaId":"FE2A6BEF-2917-437C-A1D5-EE1601FC0A5F"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2010","CveId":"1428","Ordinal":"1","Title":"CVE-2010-1428","CVE":"CVE-2010-1428","Year":"2010"},"notes":[{"CveYear":"2010","CveId":"1428","Ordinal":"1","NoteData":"The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to obtain sensitive information via an unspecified request that uses a different method.","Type":"Description","Title":"CVE-2010-1428"},{"CveYear":"2010","CveId":"1428","Ordinal":"2","NoteData":"2010-04-28","Type":"Other","Title":"Published"},{"CveYear":"2010","CveId":"1428","Ordinal":"3","NoteData":"2017-08-16","Type":"Other","Title":"Modified"}]}}}