JBoss Enterprise Application Platform Multiple Vulnerabilities
BID:39710
Info
| Bugtraq ID: | 39710 |
| Class: | Unknown |
| CVE: | CVE-2010-0738, CVE-2010-1428, CVE-2010-1429 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 26 2010 12:00AM |
| Updated: | May 19 2014 12:42AM |
| Credit: | Red Hat, Stefano Di Paola and Giorgio Fedon of Minded Security |
| Vulnerable: | Red Hat JBoss Enterprise Application Platform 5.0; Red Hat JBoss Enterprise Application Platform 4.3 EL5; Red Hat JBoss Enterprise Application Platform 4.3 EL4; Red Hat JBoss Enterprise Application Platform 4.3; Red Hat JBoss Enterprise Application Platform 4.2 EL5; Red Hat JBoss Enterprise Application Platform 4.2 EL4; Red Hat JBoss Enterprise Application Platform 4.2; Red Hat JBoss Enterprise Application Platform 5.1.1; Red Hat JBoss Enterprise Application Platform 5.1.0; Red Hat JBoss Enterprise Application Platform 5 EL6; Red Hat JBoss Enterprise Application Platform 5 EL5; Red Hat JBoss Enterprise Application Platform 5 EL4; Red Hat JBoss Application Server 5.0; Red Hat JBoss Application Server 5.X; Red Hat JBoss Application Server 5; HP Network Node Manager i 9.0; HP Business Service Management 9.12; HP Business Service Management 9.01; HP Business Availability Center 8.07; HP Business Availability Center 8.06; HP Business Availability Center 8.05; HP Business Availability Center 8.01; HP Business Availability Center 7.55; HP Business Availability Center 6; HP Business Availability Center 0 |
| Not Vulnerable: | |
Discussion
JBoss Enterprise Application Platform is prone to multiple vulnerabilities, including an information-disclosure issue and multiple authentication-bypass issues.
An attacker can exploit these issues to bypass certain security restrictions to obtain sensitive information or gain unauthorized access to the application.
Exploit / POC
An attacker may use readily available tools to exploit these issues.
The following exploits are available for CVE-2010-0738:
Solution / Fix
Solution:
Updates are available. Please see the references for details.
References
References:
- JBoss Community Homepage (JBoss Group)
- Securing the JMX Console and Web Console (HTTP) (jboss.org)