CVE-2010-1429 Information
Description
Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about \deployed web contexts\ via a request to the status servlet as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression.
Reference
http://marc.info/?l=bugtraq&m=132698550418872&w=2 http://secunia.com/advisories/39563 http://securitytracker.com/id?1023918 http://www.securityfocus.com/bid/39710 http://www.vupen.com/english/advisories/2010/0992 https://bugzilla.redhat.com/show_bug.cgi?id=585900 https://exchange.xforce.ibmcloud.com/vulnerabilities/58149 https://rhn.redhat.com/errata/RHSA-2010-0376.html https://rhn.redhat.com/errata/RHSA-2010-0377.html https://rhn.redhat.com/errata/RHSA-2010-0378.html https://rhn.redhat.com/errata/RHSA-2010-0379.html https://www.exploit-db.com/exploits/44009/
Share on: