CVE-2010-0738 (GCVE-0-2010-0738)
Vulnerability from cvelistv5 – Published: 2010-04-28 22:00 – Updated: 2025-10-22 00:05
VLAI?
CISA KEV
EUVD KEV
Summary
The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method.
Severity ?
5.3 (Medium)
CWE
- n/a
Assigner
References
14 references
Date Public ?
2010-04-26 00:00
CISA KEV
Known Exploited Vulnerability - GCVE BCP-07 Compliant
KEV entry ID: d69d5bfc-e5a8-4c22-aad2-e91e286bbfa0
Exploited: Yes
Timestamps
First Seen: 2022-05-25
Asserted: 2022-05-25
Scope
Notes: KEV entry: Red Hat JBoss Authentication Bypass Vulnerability | Affected: Red Hat / JBoss | Description: The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-15 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2010-0738
Evidence
Type: Vendor Report
Signal: Successful Exploitation
Confidence: 80%
Source: cisa-kev
Details
| Cwes | CWE-264 |
|---|---|
| Feed | CISA Known Exploited Vulnerabilities Catalog |
| Product | JBoss |
| Due Date | 2022-06-15 |
| Date Added | 2022-05-25 |
| Vendorproject | Red Hat |
| Vulnerabilityname | Red Hat JBoss Authentication Bypass Vulnerability |
| Knownransomwarecampaignuse | Known |
References
Created: 2026-02-02 12:27 UTC
| Updated: 2026-02-06 07:17 UTC
EUVD KEV
Known Exploited Vulnerability - GCVE BCP-07 Compliant
KEV entry ID: 1df40635-1842-4b2a-9805-2b88953026d6
Exploited: Yes
Timestamps
First Seen: 2025-07-14
Asserted: 2025-07-14
Scope
Notes: Affected: Red Hat / JBoss Application Server | Description: this management interface allows administrative operations to be performed without adequate access controls allowing a remote attacker to interact with the system in an unauthorized manner | Origin source: CERT Italia | Notes: https://www.acn.gov.it/portale/w/distribuzione-di-payload-malevoli-tramite-vulnerabilita-note
Evidence
Type: Csirt Report
Signal: Successful Exploitation
Confidence: 75%
Source: enisa-cnw-kev
Details
| Cwes | - |
|---|---|
| Euvd | EUVD-2010-0764 |
| Notes | https://www.acn.gov.it/portale/w/distribuzione-di-payload-malevoli-tramite-vulnerabilita-note |
| Catalog | ENISA / EU CSIRTs Network (CNW) KEV CSV |
| Product | JBoss Application Server |
| Datereported | 14/07/25 |
| Originsource | CERT Italia |
| Vendorproject | Red Hat |
| Exploitationtype | - |
| Vulnerabilityname | - |
| Threatactorsexploiting | - |
References
Created: 2026-02-02 12:25 UTC
| Updated: 2026-02-06 07:17 UTC
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:59:38.958Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2010:0379",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0379.html"
},
{
"name": "RHSA-2010:0378",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0378.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=574105"
},
{
"name": "RHSA-2010:0376",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0376.html"
},
{
"name": "8408",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8408"
},
{
"name": "RHSA-2010:0377",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0377.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=35"
},
{
"name": "ADV-2010-0992",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0992"
},
{
"name": "HPSBMU02714",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=132129312609324\u0026w=2"
},
{
"name": "jboss-jmxconsole-security-bypass(58147)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58147"
},
{
"name": "SSRT100244",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=132129312609324\u0026w=2"
},
{
"name": "39710",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/39710"
},
{
"name": "39563",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39563"
},
{
"name": "1023918",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1023918"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2010-0738",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T13:23:07.402575Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2022-05-25",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-0738"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-749",
"description": "CWE-749 Exposed Dangerous Method or Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T00:05:52.604Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-0738"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-05-25T00:00:00.000Z",
"value": "CVE-2010-0738 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-04-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application\u0027s GET handler by using a different method."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2010:0379",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0379.html"
},
{
"name": "RHSA-2010:0378",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0378.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=574105"
},
{
"name": "RHSA-2010:0376",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0376.html"
},
{
"name": "8408",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8408"
},
{
"name": "RHSA-2010:0377",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0377.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=35"
},
{
"name": "ADV-2010-0992",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0992"
},
{
"name": "HPSBMU02714",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=132129312609324\u0026w=2"
},
{
"name": "jboss-jmxconsole-security-bypass(58147)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58147"
},
{
"name": "SSRT100244",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=132129312609324\u0026w=2"
},
{
"name": "39710",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/39710"
},
{
"name": "39563",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39563"
},
{
"name": "1023918",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1023918"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-0738",
"datePublished": "2010-04-28T22:00:00.000Z",
"dateReserved": "2010-02-26T00:00:00.000Z",
"dateUpdated": "2025-10-22T00:05:52.604Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"cisa_known_exploited": {
"cveID": "CVE-2010-0738",
"cwes": "[\"CWE-264\"]",
"dateAdded": "2022-05-25",
"dueDate": "2022-06-15",
"knownRansomwareCampaignUse": "Known",
"notes": "https://nvd.nist.gov/vuln/detail/CVE-2010-0738",
"product": "JBoss",
"requiredAction": "Apply updates per vendor instructions.",
"shortDescription": "The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application\u0027s GET handler by using a different method.",
"vendorProject": "Red Hat",
"vulnerabilityName": "Red Hat JBoss Authentication Bypass Vulnerability"
},
"cnw_known_exploited": {
"CVE": "CVE-2010-0738",
"EUVD": "EUVD-2010-0764",
"cwes": "-",
"dateReported": "14/07/25",
"exploitationType": "-",
"notes": "https://www.acn.gov.it/portale/w/distribuzione-di-payload-malevoli-tramite-vulnerabilita-note",
"originSource": "CERT Italia",
"product": "JBoss Application Server",
"shortDescription": "this management interface allows administrative operations to be performed without adequate access controls allowing a remote attacker to interact with the system in an unauthorized manner",
"threatActorsExploiting": "-",
"vendorProject": "Red Hat",
"vulnerabilityName": "-"
},
"epss": {
"cve": "CVE-2010-0738",
"date": "2026-05-21",
"epss": "0.91523",
"percentile": "0.99684"
},
"fkie_nvd": {
"cisaActionDue": "2022-06-15",
"cisaExploitAdd": "2022-05-25",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Red Hat JBoss Authentication Bypass Vulnerability",
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"0D3EADF4-5496-4F5F-B0A6-DBF959C4D7B9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"FE2A6BEF-2917-437C-A1D5-EE1601FC0A5F\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application\u0027s GET handler by using a different method.\"}, {\"lang\": \"es\", \"value\": \"La aplicaci\\u00f3n web JMX-Console en JBossAs en Red Hat JBoss Enterprise Application Platform (conocido como JBoss EAP o JBEAP) v4.2 anterior v4.2.0.CP09 y v4.3 anterior v4.3.0.CP08 realiza un control de acceso s\\u00f3lo para los m\\u00e9todos GET y POST, lo que permite a a atacantes remotos enviar peticiones en el manejador GET de la aplicaci\\u00f3n que usan un m\\u00e9todo diferente. \\r\\n\"}]",
"id": "CVE-2010-0738",
"lastModified": "2025-01-06T19:11:29.700",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 1.4}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2010-04-28T22:30:00.447",
"references": "[{\"url\": \"http://marc.info/?l=bugtraq\u0026m=132129312609324\u0026w=2\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Exploit\", \"Mailing List\"]}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=132129312609324\u0026w=2\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Exploit\", \"Mailing List\"]}, {\"url\": \"http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=35\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://secunia.com/advisories/39563\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Broken Link\", \"Vendor Advisory\"]}, {\"url\": \"http://securityreason.com/securityalert/8408\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://securitytracker.com/id?1023918\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Broken Link\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securityfocus.com/bid/39710\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Broken Link\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2010/0992\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Broken Link\", \"Vendor Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=574105\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/58147\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://rhn.redhat.com/errata/RHSA-2010-0376.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Broken Link\"]}, {\"url\": \"https://rhn.redhat.com/errata/RHSA-2010-0377.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Broken Link\"]}, {\"url\": \"https://rhn.redhat.com/errata/RHSA-2010-0378.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Broken Link\"]}, {\"url\": \"https://rhn.redhat.com/errata/RHSA-2010-0379.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=132129312609324\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Mailing List\"]}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=132129312609324\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Mailing List\"]}, {\"url\": \"http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=35\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://secunia.com/advisories/39563\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\", \"Vendor Advisory\"]}, {\"url\": \"http://securityreason.com/securityalert/8408\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://securitytracker.com/id?1023918\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securityfocus.com/bid/39710\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2010/0992\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\", \"Vendor Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=574105\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/58147\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://rhn.redhat.com/errata/RHSA-2010-0376.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"https://rhn.redhat.com/errata/RHSA-2010-0377.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"https://rhn.redhat.com/errata/RHSA-2010-0378.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"https://rhn.redhat.com/errata/RHSA-2010-0379.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Analyzed",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2010-0738\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2010-04-28T22:30:00.447\",\"lastModified\":\"2026-04-22T14:37:41.760\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application\u0027s GET handler by using a different method.\"},{\"lang\":\"es\",\"value\":\"La aplicaci\u00f3n web JMX-Console en JBossAs en Red Hat JBoss Enterprise Application Platform (conocido como JBoss EAP o JBEAP) v4.2 anterior v4.2.0.CP09 y v4.3 anterior v4.3.0.CP08 realiza un control de acceso s\u00f3lo para los m\u00e9todos GET y POST, lo que permite a a atacantes remotos enviar peticiones en el manejador GET de la aplicaci\u00f3n que usan un m\u00e9todo diferente. \\r\\n\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"cisaExploitAdd\":\"2022-05-25\",\"cisaActionDue\":\"2022-06-15\",\"cisaRequiredAction\":\"Apply updates per vendor instructions.\",\"cisaVulnerabilityName\":\"Red Hat JBoss Authentication Bypass Vulnerability\",\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-749\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D3EADF4-5496-4F5F-B0A6-DBF959C4D7B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE2A6BEF-2917-437C-A1D5-EE1601FC0A5F\"}]}]}],\"references\":[{\"url\":\"http://marc.info/?l=bugtraq\u0026m=132129312609324\u0026w=2\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\",\"Mailing List\"]},{\"url\":\"http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=35\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/39563\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/8408\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://securitytracker.com/id?1023918\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/39710\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/0992\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=574105\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/58147\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://rhn.redhat.com/errata/RHSA-2010-0376.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://rhn.redhat.com/errata/RHSA-2010-0377.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://rhn.redhat.com/errata/RHSA-2010-0378.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://rhn.redhat.com/errata/RHSA-2010-0379.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=132129312609324\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Mailing List\"]},{\"url\":\"http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=35\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/39563\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/8408\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://securitytracker.com/id?1023918\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/39710\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/0992\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=574105\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/58147\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://rhn.redhat.com/errata/RHSA-2010-0376.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://rhn.redhat.com/errata/RHSA-2010-0377.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://rhn.redhat.com/errata/RHSA-2010-0378.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://rhn.redhat.com/errata/RHSA-2010-0379.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-0738\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://rhn.redhat.com/errata/RHSA-2010-0379.html\", \"name\": \"RHSA-2010:0379\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://rhn.redhat.com/errata/RHSA-2010-0378.html\", \"name\": \"RHSA-2010:0378\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=574105\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://rhn.redhat.com/errata/RHSA-2010-0376.html\", \"name\": \"RHSA-2010:0376\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"http://securityreason.com/securityalert/8408\", \"name\": \"8408\", \"tags\": [\"third-party-advisory\", \"x_refsource_SREASON\", \"x_transferred\"]}, {\"url\": \"https://rhn.redhat.com/errata/RHSA-2010-0377.html\", \"name\": \"RHSA-2010:0377\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=35\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2010/0992\", \"name\": \"ADV-2010-0992\", \"tags\": [\"vdb-entry\", \"x_refsource_VUPEN\", \"x_transferred\"]}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=132129312609324\u0026w=2\", \"name\": \"HPSBMU02714\", \"tags\": [\"vendor-advisory\", \"x_refsource_HP\", \"x_transferred\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/58147\", \"name\": \"jboss-jmxconsole-security-bypass(58147)\", \"tags\": [\"vdb-entry\", \"x_refsource_XF\", \"x_transferred\"]}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=132129312609324\u0026w=2\", \"name\": \"SSRT100244\", \"tags\": [\"vendor-advisory\", \"x_refsource_HP\", \"x_transferred\"]}, {\"url\": \"http://www.securityfocus.com/bid/39710\", \"name\": \"39710\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\", \"x_transferred\"]}, {\"url\": \"http://secunia.com/advisories/39563\", \"name\": \"39563\", \"tags\": [\"third-party-advisory\", \"x_refsource_SECUNIA\", \"x_transferred\"]}, {\"url\": \"http://securitytracker.com/id?1023918\", \"name\": \"1023918\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-07T00:59:38.958Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2010-0738\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-07T13:23:07.402575Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2022-05-25\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-0738\"}}}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2022-05-25T00:00:00.000Z\", \"value\": \"CVE-2010-0738 added to CISA KEV\"}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-0738\", \"tags\": [\"government-resource\"]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-749\", \"description\": \"CWE-749 Exposed Dangerous Method or Function\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-07T13:26:02.910Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"datePublic\": \"2010-04-26T00:00:00.000Z\", \"references\": [{\"url\": \"https://rhn.redhat.com/errata/RHSA-2010-0379.html\", \"name\": \"RHSA-2010:0379\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://rhn.redhat.com/errata/RHSA-2010-0378.html\", \"name\": \"RHSA-2010:0378\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=574105\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://rhn.redhat.com/errata/RHSA-2010-0376.html\", \"name\": \"RHSA-2010:0376\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"http://securityreason.com/securityalert/8408\", \"name\": \"8408\", \"tags\": [\"third-party-advisory\", \"x_refsource_SREASON\"]}, {\"url\": \"https://rhn.redhat.com/errata/RHSA-2010-0377.html\", \"name\": \"RHSA-2010:0377\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=35\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2010/0992\", \"name\": \"ADV-2010-0992\", \"tags\": [\"vdb-entry\", \"x_refsource_VUPEN\"]}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=132129312609324\u0026w=2\", \"name\": \"HPSBMU02714\", \"tags\": [\"vendor-advisory\", \"x_refsource_HP\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/58147\", \"name\": \"jboss-jmxconsole-security-bypass(58147)\", \"tags\": [\"vdb-entry\", \"x_refsource_XF\"]}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=132129312609324\u0026w=2\", \"name\": \"SSRT100244\", \"tags\": [\"vendor-advisory\", \"x_refsource_HP\"]}, {\"url\": \"http://www.securityfocus.com/bid/39710\", \"name\": \"39710\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\"]}, {\"url\": \"http://secunia.com/advisories/39563\", \"name\": \"39563\", \"tags\": [\"third-party-advisory\", \"x_refsource_SECUNIA\"]}, {\"url\": \"http://securitytracker.com/id?1023918\", \"name\": \"1023918\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application\u0027s GET handler by using a different method.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"shortName\": \"redhat\", \"dateUpdated\": \"2017-08-16T14:57:01.000Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2010-0738\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-22T00:05:52.604Z\", \"dateReserved\": \"2010-02-26T00:00:00.000Z\", \"assignerOrgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"datePublished\": \"2010-04-28T22:00:00.000Z\", \"assignerShortName\": \"redhat\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…