Описание
The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to obtain sensitive information via an unspecified request that uses a different method.
Ссылки
- ExploitMailing List
- Broken LinkVendor Advisory
- Broken LinkThird Party AdvisoryVDB Entry
- Broken LinkThird Party AdvisoryVDB Entry
- Broken LinkVendor Advisory
- Issue Tracking
- Third Party AdvisoryVDB Entry
- Broken LinkVendor Advisory
- Broken Link
- Broken Link
- Vendor Advisory
- ExploitMailing List
- Broken LinkVendor Advisory
- Broken LinkThird Party AdvisoryVDB Entry
- Broken LinkThird Party AdvisoryVDB Entry
- Broken LinkVendor Advisory
- Issue Tracking
- Third Party AdvisoryVDB Entry
- Broken LinkVendor Advisory
- Broken Link
Уязвимые конфигурации
Одно из
EPSS
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
Связанные уязвимости
The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to obtain sensitive information via an unspecified request that uses a different method.
The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterpri ...
The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to obtain sensitive information via an unspecified request that uses a different method.
Уязвимость методов GET и POST платформы JBoss Enterprise Application Platform, позволяющая нарушителю получить конфиденциальную информацию
EPSS
7.5 High
CVSS3
5 Medium
CVSS2