Description
The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method.
EPSS
CVSS3: 5.3 Medium
CVSS2: 5 Medium
Related vulnerabilities
Vulnerability in the JMX-Console web application of JBoss Enterprise Application Platform that allows an attacker to disclose protected information