4.3.0

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

redhat

nessus

metasploit

NVD

Published: 2010-04-28

Updated: 2024-06-28

Summary

The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to obtain sensitive information via an unspecified request that uses a different method.

Vulnerable Configurations

Part	Description	Count
Application	Redhat Redhat Jboss Enterprise Application Platform 4.2.0 Redhat Jboss Enterprise Application Platform 4.3.0	2

Metasploit

description	This module scans a JBoss instance for a few vulnerabilities.
id	MSF:AUXILIARY/SCANNER/HTTP/JBOSS_VULNSCAN
last seen	2020-03-13
modified	2019-09-12
published	2010-06-21
references	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3273 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1429 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0738 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1428 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12149
reporter	Rapid7
source	https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/scanner/http/jboss_vulnscan.rb
title	JBoss Vulnerability Scanner

Nessus

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2010-0379.NASL
description	Updated JBoss Enterprise Application Platform (JBEAP) 4.3 packages that fix three security issues and multiple bugs are now available for Red Hat Enterprise Linux 5 as JBEAP 4.3.0.CP08. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. JBoss Enterprise Application Platform is the market leading platform for innovative and scalable Java applications; integrating the JBoss Application Server, with JBoss Hibernate and JBoss Seam into a complete, simple enterprise solution. This release of JBEAP for Red Hat Enterprise Linux 5 serves as a replacement to JBEAP 4.3.0.CP07. These updated packages include multiple bug fixes which are detailed in the Release Notes. The Release Notes will be available shortly from the link in the References section. The following security issues are also fixed with this release : The JMX Console configuration only specified an authentication requirement for requests that used the GET and POST HTTP
last seen	2020-06-01
modified	2020-06-02
plugin id	63931
published	2013-01-24
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/63931
title	RHEL 5 : JBoss EAP (RHSA-2010:0379)

NASL family	Web Servers
NASL id	JBOSS_EAP_JMX_CONSOLE_AUTH_BYPASS.NASL
description	The version of JBoss Enterprise Application Platform (EAP) running on the remote host allows unauthenticated access to certain documents under the
last seen	2020-06-01
modified	2020-06-02
plugin id	46181
published	2010-04-29
reporter	This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/46181
title	JBoss Enterprise Application Platform '/web-console' Authentication Bypass

NASL family	Junos Local Security Checks
NASL id	JUNIPER_SPACE_JSA10627.NASL
description	According to its self-reported version number, the remote Junos Space version is prior to 13.3R1.8. It is, therefore, affected by multiple vulnerabilities in bundled third party software components : - Multiple vulnerabilities in RedHat JBoss application server. (CVE-2010-0738, CVE-2010-1428, CVE-2010-1429, CVE-2011-5245, CVE-2012-0818) - Multiple vulnerabilities in Oracle Java SE JDK. (CVE-2012-3143, CVE-2013-1537, CVE-2013-1557, CVE-2013-2422) - Multiple vulnerabilities in Oracle MySQL server. (CVE-2013-1502, CVE-2013-1511, CVE-2013-1532, CVE-2013-1544, CVE-2013-2375, CVE-2013-2376, CVE-2013-2389, CVE-2013-2391, CVE-2013-2392, CVE-2013-3783, CVE-2013-3793, CVE-2013-3794, CVE-2013-3801, CVE-2013-3802, CVE-2013-3804, CVE-2013-3805, CVE-2013-3808, CVE-2013-3809, CVE-2013-3812, CVE-2013-3839) - Multiple vulnerabilities in Apache HTTP Server. (CVE-2013-1862, CVE-2013-1896) - Known hard-coded MySQL credentials. (CVE-2014-3413)
last seen	2020-06-01
modified	2020-06-02
plugin id	80195
published	2014-12-22
reporter	This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/80195
title	Juniper Junos Space < 13.3R1.8 Multiple Vulnerabilities (JSA10627)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2010-0378.NASL
description	Updated JBoss Enterprise Application Platform (JBEAP) 4.2 packages that fix three security issues and multiple bugs are now available for Red Hat Enterprise Linux 5 as JBEAP 4.2.0.CP09. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. JBoss Enterprise Application Platform is the market leading platform for innovative and scalable Java applications; integrating the JBoss Application Server, with JBoss Hibernate and JBoss Seam into a complete, simple enterprise solution. This release of JBEAP for Red Hat Enterprise Linux 5 serves as a replacement to JBEAP 4.2.0.CP08. These updated packages include multiple bug fixes which are detailed in the Release Notes. The Release Notes will be available shortly from the link in the References section. The following security issues are also fixed with this release : The JMX Console configuration only specified an authentication requirement for requests that used the GET and POST HTTP
last seen	2020-06-01
modified	2020-06-02
plugin id	63930
published	2013-01-24
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/63930
title	RHEL 5 : JBoss EAP (RHSA-2010:0378)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2010-0376.NASL
description	Updated JBoss Enterprise Application Platform (JBEAP) 4.2 packages that fix three security issues and multiple bugs are now available for Red Hat Enterprise Linux 4 as JBEAP 4.2.0.CP09. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. JBoss Enterprise Application Platform is the market leading platform for innovative and scalable Java applications; integrating the JBoss Application Server, with JBoss Hibernate and JBoss Seam into a complete, simple enterprise solution. This release of JBEAP for Red Hat Enterprise Linux 4 serves as a replacement to JBEAP 4.2.0.CP08. These updated packages include multiple bug fixes which are detailed in the Release Notes. The Release Notes will be available shortly from the link in the References section. The following security issues are also fixed with this release : The JMX Console configuration only specified an authentication requirement for requests that used the GET and POST HTTP
last seen	2020-06-01
modified	2020-06-02
plugin id	63928
published	2013-01-24
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/63928
title	RHEL 4 : JBoss EAP (RHSA-2010:0376)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2010-0377.NASL
description	Updated JBoss Enterprise Application Platform (JBEAP) 4.3 packages that fix three security issues and multiple bugs are now available for Red Hat Enterprise Linux 4 as JBEAP 4.3.0.CP08. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. JBoss Enterprise Application Platform is the market leading platform for innovative and scalable Java applications; integrating the JBoss Application Server, with JBoss Hibernate and JBoss Seam into a complete, simple enterprise solution. This release of JBEAP for Red Hat Enterprise Linux 4 serves as a replacement to JBEAP 4.3.0.CP07. These updated packages include multiple bug fixes which are detailed in the Release Notes. The Release Notes will be available shortly from the link in the References section. The following security issues are also fixed with this release : The JMX Console configuration only specified an authentication requirement for requests that used the GET and POST HTTP
last seen	2020-06-01
modified	2020-06-02
plugin id	63929
published	2013-01-24
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/63929
title	RHEL 4 : JBoss EAP (RHSA-2010:0377)

Redhat

advisories

rhsa
id RHSA-2010:0376
rhsa
id RHSA-2010:0377
rhsa
id RHSA-2010:0378
rhsa
id RHSA-2010:0379

rpms

hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4
hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4
hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4
hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4
hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4
jacorb-0:2.3.0-1jpp.ep1.10.el4
jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4
jboss-aop-0:1.5.5-3.CP05.2.ep1.el4
jboss-cache-0:1.4.1-6.SP14.1.ep1.el4
jboss-remoting-0:2.2.3-3.SP2.ep1.el4
jboss-seam-0:1.2.1-1.ep1.24.el4
jboss-seam-docs-0:1.2.1-1.ep1.24.el4
jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4
jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4
jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4
jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4
jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4
rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4
rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4
hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4
hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4
hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4
hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4
hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4
jacorb-0:2.3.0-1jpp.ep1.10.el4
jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4
jboss-aop-0:1.5.5-3.CP05.2.ep1.el4
jboss-cache-0:1.4.1-6.SP14.1.ep1.el4
jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4
jboss-remoting-0:2.2.3-3.SP2.ep1.el4
jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4
jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4
jboss-seam2-0:2.0.2.FP-1.ep1.23.el4
jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4
jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4
jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4
jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4
jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4
jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4
jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4
rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4
rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4
hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5
hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5
hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5
hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5
jacorb-0:2.3.0-1jpp.ep1.10.1.el5
jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5
jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5
jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5
jboss-seam-0:1.2.1-1.ep1.24.el5
jboss-seam-docs-0:1.2.1-1.ep1.24.el5
jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5
jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el5
jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el5
jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5
jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5
rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5
rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.4.1.el5
hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5
hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5
hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5
hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5
jacorb-0:2.3.0-1jpp.ep1.10.1.el5
jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5
jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5
jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5
jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5
jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1
jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1
jboss-seam2-0:2.0.2.FP-1.ep1.23.el5
jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el5
jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5
jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el5
jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el5
jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5
jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5
jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5
rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5
rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.5.el5

Saint

bid	39710
description	RedHat JBoss Enterprise Application Platform JMX Console Authentication Bypass
id	web_dev_jbossasver
osvdb	64171
title	jboss_application_server_jmx_console_authentication_bypass
type	remote

Seebug

bulletinFamily	exploit
description	BUGTRAQ ID: 39710 CVE ID: CVE-2010-0738,CVE-2010-1428,CVE-2010-1429 JBoss企业应用平台（EAP）是J2EE应用的中间件平台。 JBoss企业应用平台中存在多个非授权访问漏洞，远程用户可以绕过认证执行非授权操作或读取敏感信息。 1) JMX控制台配置仅对使用GET和POST HTTP命令的请求指定了认证要求，远程攻击者可以创建没有指定GET或POST的HTTP请求，导致无需认证便被默认的GET处理器执行。 2) 默认阻断了对JBoss应用服务器Web控制台（/web-console）的非认证访问，但这种阻断并不彻底，仅阻断了GET和POST HTTP命令。远程攻击者可以利用这个漏洞访问敏感信息。 3) RHSA-2008:0828更新修复了未经认证用户可访问状态servlet的漏洞（CVE-2008-3273）；但RHSA-2009:0349中的bug修复重新引入了这个漏洞。远程攻击者可以利用这个漏洞获得有关所部署的web上下文的详细信息。 RedHat JBoss EAP 4.3 RedHat JBoss EAP 4.2 厂商补丁： RedHat ------ RedHat已经为此发布了一个安全公告（RHSA-2010:0376-01）以及相应补丁: RHSA-2010:0376-01：Critical: JBoss Enterprise Application Platform 4.2.0.CP09 update 链接：https://www.redhat.com/support/errata/RHSA-2010-0376.html
id	SSV:19528
last seen	2017-11-19
modified	2010-04-29
published	2010-04-29
reporter	Root
title	JBoss企业应用平台多个非授权访问漏洞

Summary

Vulnerable Configurations

Metasploit

Nessus

Redhat

Saint

Seebug

References