Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2010-0738 (GCVE-0-2010-0738)
Vulnerability from cvelistv5
Published
2010-04-28 22:00
Modified
2025-07-30 01:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method.
References
CISA Known exploited vulnerability
Data from the Known Exploited Vulnerabilities Catalog
Date added: 2022-05-25
Due date: 2022-06-15
Required action: Apply updates per vendor instructions.
Used in ransomware: Known
Notes: https://nvd.nist.gov/vuln/detail/CVE-2010-0738
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:59:38.958Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2010:0379",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0379.html"
},
{
"name": "RHSA-2010:0378",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0378.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=574105"
},
{
"name": "RHSA-2010:0376",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0376.html"
},
{
"name": "8408",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8408"
},
{
"name": "RHSA-2010:0377",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0377.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=35"
},
{
"name": "ADV-2010-0992",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0992"
},
{
"name": "HPSBMU02714",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=132129312609324\u0026w=2"
},
{
"name": "jboss-jmxconsole-security-bypass(58147)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58147"
},
{
"name": "SSRT100244",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=132129312609324\u0026w=2"
},
{
"name": "39710",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/39710"
},
{
"name": "39563",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39563"
},
{
"name": "1023918",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1023918"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2010-0738",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T13:23:07.402575Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2022-05-25",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-0738"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-749",
"description": "CWE-749 Exposed Dangerous Method or Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T01:47:05.359Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"timeline": [
{
"lang": "en",
"time": "2022-05-25T00:00:00+00:00",
"value": "CVE-2010-0738 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-04-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application\u0027s GET handler by using a different method."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2010:0379",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0379.html"
},
{
"name": "RHSA-2010:0378",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0378.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=574105"
},
{
"name": "RHSA-2010:0376",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0376.html"
},
{
"name": "8408",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8408"
},
{
"name": "RHSA-2010:0377",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0377.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=35"
},
{
"name": "ADV-2010-0992",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0992"
},
{
"name": "HPSBMU02714",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=132129312609324\u0026w=2"
},
{
"name": "jboss-jmxconsole-security-bypass(58147)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58147"
},
{
"name": "SSRT100244",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=132129312609324\u0026w=2"
},
{
"name": "39710",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/39710"
},
{
"name": "39563",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39563"
},
{
"name": "1023918",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1023918"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-0738",
"datePublished": "2010-04-28T22:00:00.000Z",
"dateReserved": "2010-02-26T00:00:00.000Z",
"dateUpdated": "2025-07-30T01:47:05.359Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"cisa_known_exploited": {
"cveID": "CVE-2010-0738",
"cwes": "[\"CWE-264\"]",
"dateAdded": "2022-05-25",
"dueDate": "2022-06-15",
"knownRansomwareCampaignUse": "Known",
"notes": "https://nvd.nist.gov/vuln/detail/CVE-2010-0738",
"product": "JBoss",
"requiredAction": "Apply updates per vendor instructions.",
"shortDescription": "The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application\u0027s GET handler by using a different method.",
"vendorProject": "Red Hat",
"vulnerabilityName": "Red Hat JBoss Authentication Bypass Vulnerability"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2010-0738\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2010-04-28T22:30:00.447\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application\u0027s GET handler by using a different method.\"},{\"lang\":\"es\",\"value\":\"La aplicaci\u00f3n web JMX-Console en JBossAs en Red Hat JBoss Enterprise Application Platform (conocido como JBoss EAP o JBEAP) v4.2 anterior v4.2.0.CP09 y v4.3 anterior v4.3.0.CP08 realiza un control de acceso s\u00f3lo para los m\u00e9todos GET y POST, lo que permite a a atacantes remotos enviar peticiones en el manejador GET de la aplicaci\u00f3n que usan un m\u00e9todo diferente. \\r\\n\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"cisaExploitAdd\":\"2022-05-25\",\"cisaActionDue\":\"2022-06-15\",\"cisaRequiredAction\":\"Apply updates per vendor instructions.\",\"cisaVulnerabilityName\":\"Red Hat JBoss Authentication Bypass Vulnerability\",\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-749\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D3EADF4-5496-4F5F-B0A6-DBF959C4D7B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE2A6BEF-2917-437C-A1D5-EE1601FC0A5F\"}]}]}],\"references\":[{\"url\":\"http://marc.info/?l=bugtraq\u0026m=132129312609324\u0026w=2\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\",\"Mailing List\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=132129312609324\u0026w=2\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\",\"Mailing List\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=132129312609324\u0026w=2\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\",\"Mailing List\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=132129312609324\u0026w=2\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\",\"Mailing List\"]},{\"url\":\"http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=35\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/39563\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/8408\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://securitytracker.com/id?1023918\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/39710\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/0992\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=574105\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/58147\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://rhn.redhat.com/errata/RHSA-2010-0376.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://rhn.redhat.com/errata/RHSA-2010-0377.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://rhn.redhat.com/errata/RHSA-2010-0378.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://rhn.redhat.com/errata/RHSA-2010-0379.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=132129312609324\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Mailing List\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=132129312609324\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Mailing List\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=132129312609324\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Mailing List\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=132129312609324\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Mailing List\"]},{\"url\":\"http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=35\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/39563\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/8408\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://securitytracker.com/id?1023918\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/39710\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/0992\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=574105\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/58147\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://rhn.redhat.com/errata/RHSA-2010-0376.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://rhn.redhat.com/errata/RHSA-2010-0377.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://rhn.redhat.com/errata/RHSA-2010-0378.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://rhn.redhat.com/errata/RHSA-2010-0379.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://rhn.redhat.com/errata/RHSA-2010-0379.html\", \"name\": \"RHSA-2010:0379\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://rhn.redhat.com/errata/RHSA-2010-0378.html\", \"name\": \"RHSA-2010:0378\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=574105\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://rhn.redhat.com/errata/RHSA-2010-0376.html\", \"name\": \"RHSA-2010:0376\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"http://securityreason.com/securityalert/8408\", \"name\": \"8408\", \"tags\": [\"third-party-advisory\", \"x_refsource_SREASON\", \"x_transferred\"]}, {\"url\": \"https://rhn.redhat.com/errata/RHSA-2010-0377.html\", \"name\": \"RHSA-2010:0377\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=35\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2010/0992\", \"name\": \"ADV-2010-0992\", \"tags\": [\"vdb-entry\", \"x_refsource_VUPEN\", \"x_transferred\"]}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=132129312609324\u0026w=2\", \"name\": \"HPSBMU02714\", \"tags\": [\"vendor-advisory\", \"x_refsource_HP\", \"x_transferred\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/58147\", \"name\": \"jboss-jmxconsole-security-bypass(58147)\", \"tags\": [\"vdb-entry\", \"x_refsource_XF\", \"x_transferred\"]}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=132129312609324\u0026w=2\", \"name\": \"SSRT100244\", \"tags\": [\"vendor-advisory\", \"x_refsource_HP\", \"x_transferred\"]}, {\"url\": \"http://www.securityfocus.com/bid/39710\", \"name\": \"39710\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\", \"x_transferred\"]}, {\"url\": \"http://secunia.com/advisories/39563\", \"name\": \"39563\", \"tags\": [\"third-party-advisory\", \"x_refsource_SECUNIA\", \"x_transferred\"]}, {\"url\": \"http://securitytracker.com/id?1023918\", \"name\": \"1023918\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-07T00:59:38.958Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2010-0738\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-07T13:23:07.402575Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2022-05-25\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-0738\"}}}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2022-05-25T00:00:00+00:00\", \"value\": \"CVE-2010-0738 added to CISA KEV\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-749\", \"description\": \"CWE-749 Exposed Dangerous Method or Function\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-07T13:26:02.910Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"datePublic\": \"2010-04-26T00:00:00.000Z\", \"references\": [{\"url\": \"https://rhn.redhat.com/errata/RHSA-2010-0379.html\", \"name\": \"RHSA-2010:0379\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://rhn.redhat.com/errata/RHSA-2010-0378.html\", \"name\": \"RHSA-2010:0378\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=574105\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://rhn.redhat.com/errata/RHSA-2010-0376.html\", \"name\": \"RHSA-2010:0376\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"http://securityreason.com/securityalert/8408\", \"name\": \"8408\", \"tags\": [\"third-party-advisory\", \"x_refsource_SREASON\"]}, {\"url\": \"https://rhn.redhat.com/errata/RHSA-2010-0377.html\", \"name\": \"RHSA-2010:0377\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=35\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2010/0992\", \"name\": \"ADV-2010-0992\", \"tags\": [\"vdb-entry\", \"x_refsource_VUPEN\"]}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=132129312609324\u0026w=2\", \"name\": \"HPSBMU02714\", \"tags\": [\"vendor-advisory\", \"x_refsource_HP\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/58147\", \"name\": \"jboss-jmxconsole-security-bypass(58147)\", \"tags\": [\"vdb-entry\", \"x_refsource_XF\"]}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=132129312609324\u0026w=2\", \"name\": \"SSRT100244\", \"tags\": [\"vendor-advisory\", \"x_refsource_HP\"]}, {\"url\": \"http://www.securityfocus.com/bid/39710\", \"name\": \"39710\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\"]}, {\"url\": \"http://secunia.com/advisories/39563\", \"name\": \"39563\", \"tags\": [\"third-party-advisory\", \"x_refsource_SECUNIA\"]}, {\"url\": \"http://securitytracker.com/id?1023918\", \"name\": \"1023918\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application\u0027s GET handler by using a different method.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"shortName\": \"redhat\", \"dateUpdated\": \"2017-08-16T14:57:01.000Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2010-0738\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-07-30T01:47:05.359Z\", \"dateReserved\": \"2010-02-26T00:00:00.000Z\", \"assignerOrgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"datePublished\": \"2010-04-28T22:00:00.000Z\", \"assignerShortName\": \"redhat\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
gsd-2010-0738
Vulnerability from gsd
Modified
2023-12-13 01:21
Details
The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2010-0738",
"description": "The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application\u0027s GET handler by using a different method.",
"id": "GSD-2010-0738",
"references": [
"https://access.redhat.com/errata/RHSA-2010:0379",
"https://access.redhat.com/errata/RHSA-2010:0378",
"https://access.redhat.com/errata/RHSA-2010:0377",
"https://access.redhat.com/errata/RHSA-2010:0376",
"https://packetstormsecurity.com/files/cve/CVE-2010-0738"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2010-0738"
],
"details": "The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application\u0027s GET handler by using a different method.",
"id": "GSD-2010-0738",
"modified": "2023-12-13T01:21:28.408664Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-0738",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application\u0027s GET handler by using a different method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://marc.info/?l=bugtraq\u0026m=132129312609324\u0026w=2",
"refsource": "MISC",
"url": "http://marc.info/?l=bugtraq\u0026m=132129312609324\u0026w=2"
},
{
"name": "http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=35",
"refsource": "MISC",
"url": "http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=35"
},
{
"name": "http://secunia.com/advisories/39563",
"refsource": "MISC",
"url": "http://secunia.com/advisories/39563"
},
{
"name": "http://securityreason.com/securityalert/8408",
"refsource": "MISC",
"url": "http://securityreason.com/securityalert/8408"
},
{
"name": "http://securitytracker.com/id?1023918",
"refsource": "MISC",
"url": "http://securitytracker.com/id?1023918"
},
{
"name": "http://www.securityfocus.com/bid/39710",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/39710"
},
{
"name": "http://www.vupen.com/english/advisories/2010/0992",
"refsource": "MISC",
"url": "http://www.vupen.com/english/advisories/2010/0992"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58147",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58147"
},
{
"name": "https://rhn.redhat.com/errata/RHSA-2010-0376.html",
"refsource": "MISC",
"url": "https://rhn.redhat.com/errata/RHSA-2010-0376.html"
},
{
"name": "https://rhn.redhat.com/errata/RHSA-2010-0377.html",
"refsource": "MISC",
"url": "https://rhn.redhat.com/errata/RHSA-2010-0377.html"
},
{
"name": "https://rhn.redhat.com/errata/RHSA-2010-0378.html",
"refsource": "MISC",
"url": "https://rhn.redhat.com/errata/RHSA-2010-0378.html"
},
{
"name": "https://rhn.redhat.com/errata/RHSA-2010-0379.html",
"refsource": "MISC",
"url": "https://rhn.redhat.com/errata/RHSA-2010-0379.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=574105",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=574105"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp01:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp06:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp05:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp04:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp03:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp07:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp08:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp02:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp06:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp01:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp04:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp07:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp03:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp02:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp05:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-0738"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application\u0027s GET handler by using a different method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2010:0379",
"refsource": "REDHAT",
"tags": [],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0379.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=574105",
"refsource": "CONFIRM",
"tags": [],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=574105"
},
{
"name": "RHSA-2010:0376",
"refsource": "REDHAT",
"tags": [],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0376.html"
},
{
"name": "ADV-2010-0992",
"refsource": "VUPEN",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0992"
},
{
"name": "RHSA-2010:0377",
"refsource": "REDHAT",
"tags": [],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0377.html"
},
{
"name": "1023918",
"refsource": "SECTRACK",
"tags": [],
"url": "http://securitytracker.com/id?1023918"
},
{
"name": "39710",
"refsource": "BID",
"tags": [],
"url": "http://www.securityfocus.com/bid/39710"
},
{
"name": "39563",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39563"
},
{
"name": "RHSA-2010:0378",
"refsource": "REDHAT",
"tags": [],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0378.html"
},
{
"name": "8408",
"refsource": "SREASON",
"tags": [],
"url": "http://securityreason.com/securityalert/8408"
},
{
"name": "SSRT100244",
"refsource": "HP",
"tags": [],
"url": "http://marc.info/?l=bugtraq\u0026m=132129312609324\u0026w=2"
},
{
"name": "http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=35",
"refsource": "CONFIRM",
"tags": [],
"url": "http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=35"
},
{
"name": "jboss-jmxconsole-security-bypass(58147)",
"refsource": "XF",
"tags": [],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58147"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2023-02-13T04:16Z",
"publishedDate": "2010-04-28T22:30Z"
}
}
}
rhsa-2010:0379
Vulnerability from csaf_redhat
Published
2010-04-27 04:15
Modified
2025-01-26 19:37
Summary
Red Hat Security Advisory: JBoss Enterprise Application Platform 4.3.0.CP08 update
Notes
Topic
Updated JBoss Enterprise Application Platform (JBEAP) 4.3 packages that fix
three security issues and multiple bugs are now available for Red Hat
Enterprise Linux 5 as JBEAP 4.3.0.CP08.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
JBoss Enterprise Application Platform is the market leading platform for
innovative and scalable Java applications; integrating the JBoss
Application Server, with JBoss Hibernate and JBoss Seam into a complete,
simple enterprise solution.
This release of JBEAP for Red Hat Enterprise Linux 5 serves as a
replacement to JBEAP 4.3.0.CP07.
These updated packages include multiple bug fixes which are detailed in the
Release Notes. The Release Notes will be available shortly from the link
in the References section.
The following security issues are also fixed with this release:
The JMX Console configuration only specified an authentication requirement
for requests that used the GET and POST HTTP "verbs". A remote attacker
could create an HTTP request that does not specify GET or POST, causing it
to be executed by the default GET handler without authentication. This
release contains a JMX Console with an updated configuration that no longer
specifies the HTTP verbs. This means that the authentication requirement is
applied to all requests. (CVE-2010-0738)
For the CVE-2010-0738 issue, if an immediate upgrade is not possible or the
server deployment has been customized, a manual fix can be applied. Refer
to the "Security" subsection of the "Issues fixed in this release" section
(JBPAPP-3952) of the JBEAP Release Notes, linked to in the References, for
details. Contact Red Hat JBoss Support for advice before making the changes
noted in the Release Notes.
Red Hat would like to thank Stefano Di Paola and Giorgio Fedon of Minded
Security for responsibly reporting the CVE-2010-0738 issue.
Unauthenticated access to the JBoss Application Server Web Console
(/web-console) is blocked by default. However, it was found that this block
was incomplete, and only blocked GET and POST HTTP verbs. A remote attacker
could use this flaw to gain access to sensitive information. This release
contains a Web Console with an updated configuration that now blocks all
unauthenticated access to it by default. (CVE-2010-1428)
The RHSA-2008:0828 update fixed an issue (CVE-2008-3273) where
unauthenticated users were able to access the status servlet; however, a
bug fix included in the RHSA-2009:0349 update re-introduced the issue. A
remote attacker could use this flaw to acquire details about deployed web
contexts. (CVE-2010-1429)
Warning: Before applying this update, please backup the JBEAP
"server/[configuration]/deploy/" directory, and any other customized
configuration files.
All users of JBEAP 4.3 on Red Hat Enterprise Linux 5 are advised to upgrade
to these updated packages.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated JBoss Enterprise Application Platform (JBEAP) 4.3 packages that fix\nthree security issues and multiple bugs are now available for Red Hat\nEnterprise Linux 5 as JBEAP 4.3.0.CP08.\n\nThe Red Hat Security Response Team has rated this update as having critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "JBoss Enterprise Application Platform is the market leading platform for\ninnovative and scalable Java applications; integrating the JBoss\nApplication Server, with JBoss Hibernate and JBoss Seam into a complete,\nsimple enterprise solution.\n\nThis release of JBEAP for Red Hat Enterprise Linux 5 serves as a\nreplacement to JBEAP 4.3.0.CP07.\n\nThese updated packages include multiple bug fixes which are detailed in the\nRelease Notes. The Release Notes will be available shortly from the link\nin the References section.\n\nThe following security issues are also fixed with this release:\n\nThe JMX Console configuration only specified an authentication requirement\nfor requests that used the GET and POST HTTP \"verbs\". A remote attacker\ncould create an HTTP request that does not specify GET or POST, causing it\nto be executed by the default GET handler without authentication. This\nrelease contains a JMX Console with an updated configuration that no longer\nspecifies the HTTP verbs. This means that the authentication requirement is\napplied to all requests. (CVE-2010-0738)\n\nFor the CVE-2010-0738 issue, if an immediate upgrade is not possible or the\nserver deployment has been customized, a manual fix can be applied. Refer\nto the \"Security\" subsection of the \"Issues fixed in this release\" section\n(JBPAPP-3952) of the JBEAP Release Notes, linked to in the References, for\ndetails. Contact Red Hat JBoss Support for advice before making the changes\nnoted in the Release Notes.\n\nRed Hat would like to thank Stefano Di Paola and Giorgio Fedon of Minded\nSecurity for responsibly reporting the CVE-2010-0738 issue.\n\nUnauthenticated access to the JBoss Application Server Web Console\n(/web-console) is blocked by default. However, it was found that this block\nwas incomplete, and only blocked GET and POST HTTP verbs. A remote attacker\ncould use this flaw to gain access to sensitive information. This release\ncontains a Web Console with an updated configuration that now blocks all\nunauthenticated access to it by default. (CVE-2010-1428)\n\nThe RHSA-2008:0828 update fixed an issue (CVE-2008-3273) where\nunauthenticated users were able to access the status servlet; however, a\nbug fix included in the RHSA-2009:0349 update re-introduced the issue. A\nremote attacker could use this flaw to acquire details about deployed web\ncontexts. (CVE-2010-1429)\n\nWarning: Before applying this update, please backup the JBEAP\n\"server/[configuration]/deploy/\" directory, and any other customized\nconfiguration files.\n\nAll users of JBEAP 4.3 on Red Hat Enterprise Linux 5 are advised to upgrade\nto these updated packages.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2010:0379",
"url": "https://access.redhat.com/errata/RHSA-2010:0379"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.3.0.cp08/html-single/Release_Notes/index.html",
"url": "http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.3.0.cp08/html-single/Release_Notes/index.html"
},
{
"category": "external",
"summary": "571905",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=571905"
},
{
"category": "external",
"summary": "574105",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=574105"
},
{
"category": "external",
"summary": "585899",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=585899"
},
{
"category": "external",
"summary": "585900",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=585900"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0379.json"
}
],
"title": "Red Hat Security Advisory: JBoss Enterprise Application Platform 4.3.0.CP08 update",
"tracking": {
"current_release_date": "2025-01-26T19:37:04+00:00",
"generator": {
"date": "2025-01-26T19:37:04+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.6"
}
},
"id": "RHSA-2010:0379",
"initial_release_date": "2010-04-27T04:15:00+00:00",
"revision_history": [
{
"date": "2010-04-27T04:15:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2010-04-27T00:15:45+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-01-26T19:37:04+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"product": {
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"product_id": "jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-aop@1.5.5-3.CP05.2.ep1.1.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.src",
"product": {
"name": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.src",
"product_id": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossws@2.0.1-5.SP2_CP08.1.ep1.1.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"product": {
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"product_id": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3@3.2.4-1.SP1_CP10.0jpp.ep1.1.el5?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"product": {
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"product_id": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3-annotations@3.3.1-1.12.GA_CP03.ep1.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"product": {
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"product_id": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossweb@2.0.0-6.CP13.0jpp.ep1.1.1.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"product": {
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"product_id": "jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-remoting@2.2.3-3.SP2.ep1.1.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"product": {
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"product_id": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossts@4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"product": {
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"product_id": "jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-cache@1.4.1-6.SP14.1.ep1.1.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.src",
"product": {
"name": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.src",
"product_id": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-messaging@1.4.0-3.SP3_CP10.2.ep1.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.src",
"product": {
"name": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.src",
"product_id": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-eap-docs@4.3.0-7.GA_CP08.ep1.5.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.src",
"product": {
"name": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.src",
"product_id": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas@4.3.0-7.GA_CP08.5.ep1.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.src",
"product": {
"name": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.src",
"product_id": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-seam@1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.src",
"product": {
"name": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.src",
"product_id": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-seam2@2.0.2.FP-1.ep1.23.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"product": {
"name": "jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"product_id": "jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jacorb@2.3.0-1jpp.ep1.10.1.el5?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"product": {
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"product_id": "jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-aop@1.5.5-3.CP05.2.ep1.1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.noarch",
"product": {
"name": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.noarch",
"product_id": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossws@2.0.1-5.SP2_CP08.1.ep1.1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"product": {
"name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"product_id": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3-javadoc@3.2.4-1.SP1_CP10.0jpp.ep1.1.el5?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"product": {
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"product_id": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3@3.2.4-1.SP1_CP10.0jpp.ep1.1.el5?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"product": {
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"product_id": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3-annotations@3.3.1-1.12.GA_CP03.ep1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"product": {
"name": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"product_id": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3-annotations-javadoc@3.3.1-1.12.GA_CP03.ep1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"product": {
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"product_id": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossweb@2.0.0-6.CP13.0jpp.ep1.1.1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"product": {
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"product_id": "jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-remoting@2.2.3-3.SP2.ep1.1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"product": {
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"product_id": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossts@4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"product": {
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"product_id": "jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-cache@1.4.1-6.SP14.1.ep1.1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.noarch",
"product": {
"name": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.noarch",
"product_id": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-messaging@1.4.0-3.SP3_CP10.2.ep1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch",
"product": {
"name": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch",
"product_id": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-eap-docs@4.3.0-7.GA_CP08.ep1.5.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch",
"product": {
"name": "rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch",
"product_id": "rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-eap-docs-examples@4.3.0-7.GA_CP08.ep1.5.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"product": {
"name": "jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"product_id": "jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-4.3.0.GA_CP08-bin@4.3.0-7.GA_CP08.5.ep1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"product": {
"name": "jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"product_id": "jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-client@4.3.0-7.GA_CP08.5.ep1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"product": {
"name": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"product_id": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas@4.3.0-7.GA_CP08.5.ep1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"product": {
"name": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"product_id": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-seam@1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"product": {
"name": "jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"product_id": "jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-seam-docs@1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el5.noarch",
"product": {
"name": "jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el5.noarch",
"product_id": "jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-seam2-docs@2.0.2.FP-1.ep1.23.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.noarch",
"product": {
"name": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.noarch",
"product_id": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-seam2@2.0.2.FP-1.ep1.23.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"product": {
"name": "jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"product_id": "jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jacorb@2.3.0-1jpp.ep1.10.1.el5?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch"
},
"product_reference": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src"
},
"product_reference": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch"
},
"product_reference": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src"
},
"product_reference": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch"
},
"product_reference": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch"
},
"product_reference": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch"
},
"product_reference": "jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src"
},
"product_reference": "jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch"
},
"product_reference": "jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src"
},
"product_reference": "jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch"
},
"product_reference": "jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src"
},
"product_reference": "jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.noarch"
},
"product_reference": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.src"
},
"product_reference": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch"
},
"product_reference": "jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src"
},
"product_reference": "jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch"
},
"product_reference": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.src"
},
"product_reference": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.src",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch"
},
"product_reference": "jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.noarch"
},
"product_reference": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.src"
},
"product_reference": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el5.noarch"
},
"product_reference": "jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch"
},
"product_reference": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.src"
},
"product_reference": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch"
},
"product_reference": "jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch"
},
"product_reference": "jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch"
},
"product_reference": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src"
},
"product_reference": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch"
},
"product_reference": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src"
},
"product_reference": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.noarch"
},
"product_reference": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.src"
},
"product_reference": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch"
},
"product_reference": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.src"
},
"product_reference": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch"
},
"product_reference": "rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Stefano Di Paola",
"Giorgio Fedon"
],
"organization": "Minded Security"
}
],
"cve": "CVE-2010-0738",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"discovery_date": "2010-03-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "574105"
}
],
"notes": [
{
"category": "description",
"text": "The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application\u0027s GET handler by using a different method.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JBoss EAP jmx authentication bypass with crafted HTTP request",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"5Server-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"5Server-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.src",
"5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.src",
"5Server-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"5Server-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.src",
"5Server-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.src",
"5Server-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch",
"5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.src",
"5Server-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-0738"
},
{
"category": "external",
"summary": "RHBZ#574105",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=574105"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-0738",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0738"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0738",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0738"
},
{
"category": "external",
"summary": "https://access.redhat.com/kb/docs/DOC-30741",
"url": "https://access.redhat.com/kb/docs/DOC-30741"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2010-04-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-04-27T04:15:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"5Server-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"5Server-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.src",
"5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.src",
"5Server-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"5Server-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.src",
"5Server-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.src",
"5Server-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch",
"5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.src",
"5Server-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0379"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"5Server-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"5Server-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.src",
"5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.src",
"5Server-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"5Server-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.src",
"5Server-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.src",
"5Server-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch",
"5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.src",
"5Server-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-05-25T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Critical"
}
],
"title": "JBoss EAP jmx authentication bypass with crafted HTTP request"
},
{
"cve": "CVE-2010-1428",
"discovery_date": "2010-03-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "585899"
}
],
"notes": [
{
"category": "description",
"text": "The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to obtain sensitive information via an unspecified request that uses a different method.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JBoss Application Server Web Console Authentication bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"5Server-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"5Server-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.src",
"5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.src",
"5Server-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"5Server-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.src",
"5Server-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.src",
"5Server-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch",
"5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.src",
"5Server-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-1428"
},
{
"category": "external",
"summary": "RHBZ#585899",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=585899"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-1428",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1428"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-1428",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1428"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2010-04-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-04-27T04:15:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"5Server-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"5Server-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.src",
"5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.src",
"5Server-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"5Server-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.src",
"5Server-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.src",
"5Server-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch",
"5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.src",
"5Server-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0379"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"5Server-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"5Server-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.src",
"5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.src",
"5Server-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"5Server-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.src",
"5Server-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.src",
"5Server-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch",
"5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.src",
"5Server-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-05-25T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Low"
}
],
"title": "JBoss Application Server Web Console Authentication bypass"
},
{
"cve": "CVE-2010-1429",
"discovery_date": "2010-02-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "585900"
}
],
"notes": [
{
"category": "description",
"text": "Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about \"deployed web contexts\" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JBossEAP status servlet info leak",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"5Server-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"5Server-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.src",
"5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.src",
"5Server-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"5Server-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.src",
"5Server-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.src",
"5Server-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch",
"5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.src",
"5Server-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-1429"
},
{
"category": "external",
"summary": "RHBZ#585900",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=585900"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-1429",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1429"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-1429",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1429"
}
],
"release_date": "2010-04-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-04-27T04:15:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"5Server-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"5Server-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.src",
"5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.src",
"5Server-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"5Server-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.src",
"5Server-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.src",
"5Server-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch",
"5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.src",
"5Server-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0379"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"5Server-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"5Server-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.src",
"5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.src",
"5Server-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"5Server-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.src",
"5Server-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.src",
"5Server-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch",
"5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.src",
"5Server-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "JBossEAP status servlet info leak"
}
]
}
rhsa-2010:0376
Vulnerability from csaf_redhat
Published
2010-04-27 03:19
Modified
2025-01-26 19:36
Summary
Red Hat Security Advisory: JBoss Enterprise Application Platform 4.2.0.CP09 update
Notes
Topic
Updated JBoss Enterprise Application Platform (JBEAP) 4.2 packages that fix
three security issues and multiple bugs are now available for Red Hat
Enterprise Linux 4 as JBEAP 4.2.0.CP09.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
JBoss Enterprise Application Platform is the market leading platform for
innovative and scalable Java applications; integrating the JBoss
Application Server, with JBoss Hibernate and JBoss Seam into a complete,
simple enterprise solution.
This release of JBEAP for Red Hat Enterprise Linux 4 serves as a
replacement to JBEAP 4.2.0.CP08.
These updated packages include multiple bug fixes which are detailed in the
Release Notes. The Release Notes will be available shortly from the link
in the References section.
The following security issues are also fixed with this release:
The JMX Console configuration only specified an authentication requirement
for requests that used the GET and POST HTTP "verbs". A remote attacker
could create an HTTP request that does not specify GET or POST, causing it
to be executed by the default GET handler without authentication. This
release contains a JMX Console with an updated configuration that no longer
specifies the HTTP verbs. This means that the authentication requirement is
applied to all requests. (CVE-2010-0738)
For the CVE-2010-0738 issue, if an immediate upgrade is not possible or the
server deployment has been customized, a manual fix can be applied. Refer
to the "Security" subsection of the "Issues fixed in this release" section
(JBPAPP-3952) of the JBEAP Release Notes, linked to in the References, for
details. Contact Red Hat JBoss Support for advice before making the changes
noted in the Release Notes.
Red Hat would like to thank Stefano Di Paola and Giorgio Fedon of Minded
Security for responsibly reporting the CVE-2010-0738 issue.
Unauthenticated access to the JBoss Application Server Web Console
(/web-console) is blocked by default. However, it was found that this block
was incomplete, and only blocked GET and POST HTTP verbs. A remote attacker
could use this flaw to gain access to sensitive information. This release
contains a Web Console with an updated configuration that now blocks all
unauthenticated access to it by default. (CVE-2010-1428)
The RHSA-2008:0825 update fixed an issue (CVE-2008-3273) where
unauthenticated users were able to access the status servlet; however, a
bug fix included in the RHSA-2009:0346 update re-introduced the issue. A
remote attacker could use this flaw to acquire details about deployed web
contexts. (CVE-2010-1429)
Warning: Before applying this update, please backup the JBEAP
"server/[configuration]/deploy/" directory, and any other customized
configuration files.
All users of JBEAP 4.2 on Red Hat Enterprise Linux 4 are advised to upgrade
to these updated packages.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated JBoss Enterprise Application Platform (JBEAP) 4.2 packages that fix\nthree security issues and multiple bugs are now available for Red Hat\nEnterprise Linux 4 as JBEAP 4.2.0.CP09.\n\nThe Red Hat Security Response Team has rated this update as having critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "JBoss Enterprise Application Platform is the market leading platform for\ninnovative and scalable Java applications; integrating the JBoss\nApplication Server, with JBoss Hibernate and JBoss Seam into a complete,\nsimple enterprise solution.\n\nThis release of JBEAP for Red Hat Enterprise Linux 4 serves as a\nreplacement to JBEAP 4.2.0.CP08.\n\nThese updated packages include multiple bug fixes which are detailed in the\nRelease Notes. The Release Notes will be available shortly from the link\nin the References section.\n\nThe following security issues are also fixed with this release:\n\nThe JMX Console configuration only specified an authentication requirement\nfor requests that used the GET and POST HTTP \"verbs\". A remote attacker\ncould create an HTTP request that does not specify GET or POST, causing it\nto be executed by the default GET handler without authentication. This\nrelease contains a JMX Console with an updated configuration that no longer\nspecifies the HTTP verbs. This means that the authentication requirement is\napplied to all requests. (CVE-2010-0738)\n\nFor the CVE-2010-0738 issue, if an immediate upgrade is not possible or the\nserver deployment has been customized, a manual fix can be applied. Refer\nto the \"Security\" subsection of the \"Issues fixed in this release\" section\n(JBPAPP-3952) of the JBEAP Release Notes, linked to in the References, for\ndetails. Contact Red Hat JBoss Support for advice before making the changes\nnoted in the Release Notes.\n\nRed Hat would like to thank Stefano Di Paola and Giorgio Fedon of Minded\nSecurity for responsibly reporting the CVE-2010-0738 issue.\n\nUnauthenticated access to the JBoss Application Server Web Console\n(/web-console) is blocked by default. However, it was found that this block\nwas incomplete, and only blocked GET and POST HTTP verbs. A remote attacker\ncould use this flaw to gain access to sensitive information. This release\ncontains a Web Console with an updated configuration that now blocks all\nunauthenticated access to it by default. (CVE-2010-1428)\n\nThe RHSA-2008:0825 update fixed an issue (CVE-2008-3273) where\nunauthenticated users were able to access the status servlet; however, a\nbug fix included in the RHSA-2009:0346 update re-introduced the issue. A\nremote attacker could use this flaw to acquire details about deployed web\ncontexts. (CVE-2010-1429)\n\nWarning: Before applying this update, please backup the JBEAP\n\"server/[configuration]/deploy/\" directory, and any other customized\nconfiguration files.\n\nAll users of JBEAP 4.2 on Red Hat Enterprise Linux 4 are advised to upgrade\nto these updated packages.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2010:0376",
"url": "https://access.redhat.com/errata/RHSA-2010:0376"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.2.0.cp09/html-single/Release_Notes/index.html",
"url": "http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.2.0.cp09/html-single/Release_Notes/index.html"
},
{
"category": "external",
"summary": "571813",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=571813"
},
{
"category": "external",
"summary": "574105",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=574105"
},
{
"category": "external",
"summary": "585899",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=585899"
},
{
"category": "external",
"summary": "585900",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=585900"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0376.json"
}
],
"title": "Red Hat Security Advisory: JBoss Enterprise Application Platform 4.2.0.CP09 update",
"tracking": {
"current_release_date": "2025-01-26T19:36:48+00:00",
"generator": {
"date": "2025-01-26T19:36:48+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.6"
}
},
"id": "RHSA-2010:0376",
"initial_release_date": "2010-04-27T03:19:00+00:00",
"revision_history": [
{
"date": "2010-04-27T03:19:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2010-04-26T23:19:52+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-01-26T19:36:48+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4"
}
}
},
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"product": {
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"product_id": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossts@4.2.3-1.SP5_CP09.1jpp.ep1.1.el4?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"product": {
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"product_id": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-aop@1.5.5-3.CP05.2.ep1.el4?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"product": {
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"product_id": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossweb@2.0.0-6.CP13.0jpp.ep1.1.el4?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"product": {
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"product_id": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-remoting@2.2.3-3.SP2.ep1.el4?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"product": {
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"product_id": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-cache@1.4.1-6.SP14.1.ep1.el4?arch=src"
}
}
},
{
"category": "product_version",
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"product": {
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"product_id": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3@3.2.4-1.SP1_CP10.0jpp.ep1.1.el4?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"product": {
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"product_id": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3-annotations@3.3.1-1.12.GA_CP03.ep1.el4?arch=src"
}
}
},
{
"category": "product_version",
"name": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"product": {
"name": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"product_id": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jakarta-commons-httpclient@3.0.1-1.patch01.1jpp.ep1.4.el4?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"product": {
"name": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"product_id": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hsqldb@1.8.0.8-3.patch03.1jpp.ep1.3.el4?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"product": {
"name": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"product_id": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas@4.2.0-6.GA_CP09.6.ep1.el4?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"product": {
"name": "jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"product_id": "jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-seam@1.2.1-1.ep1.24.el4?arch=src"
}
}
},
{
"category": "product_version",
"name": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"product": {
"name": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"product_id": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-eap-docs@4.2.0-7.GA_CP09.ep1.5.el4?arch=src"
}
}
},
{
"category": "product_version",
"name": "jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"product": {
"name": "jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"product_id": "jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jacorb@2.3.0-1jpp.ep1.10.el4?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"product": {
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"product_id": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossts@4.2.3-1.SP5_CP09.1jpp.ep1.1.el4?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"product": {
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"product_id": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-aop@1.5.5-3.CP05.2.ep1.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"product": {
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"product_id": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossweb@2.0.0-6.CP13.0jpp.ep1.1.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"product": {
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"product_id": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-remoting@2.2.3-3.SP2.ep1.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"product": {
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"product_id": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-cache@1.4.1-6.SP14.1.ep1.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"product": {
"name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"product_id": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3-javadoc@3.2.4-1.SP1_CP10.0jpp.ep1.1.el4?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"product": {
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"product_id": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3@3.2.4-1.SP1_CP10.0jpp.ep1.1.el4?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"product": {
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"product_id": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3-annotations@3.3.1-1.12.GA_CP03.ep1.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"product": {
"name": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"product_id": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3-annotations-javadoc@3.3.1-1.12.GA_CP03.ep1.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"product": {
"name": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"product_id": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jakarta-commons-httpclient@3.0.1-1.patch01.1jpp.ep1.4.el4?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"product": {
"name": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"product_id": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hsqldb@1.8.0.8-3.patch03.1jpp.ep1.3.el4?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"product": {
"name": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"product_id": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas@4.2.0-6.GA_CP09.6.ep1.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"product": {
"name": "jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"product_id": "jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-4.2.0.GA_CP09-bin@4.2.0-6.GA_CP09.6.ep1.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"product": {
"name": "jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"product_id": "jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-client@4.2.0-6.GA_CP09.6.ep1.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"product": {
"name": "jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"product_id": "jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-seam-docs@1.2.1-1.ep1.24.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"product": {
"name": "jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"product_id": "jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-seam@1.2.1-1.ep1.24.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"product": {
"name": "rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"product_id": "rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-eap-docs-examples@4.2.0-7.GA_CP09.ep1.5.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"product": {
"name": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"product_id": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-eap-docs@4.2.0-7.GA_CP09.ep1.5.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"product": {
"name": "jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"product_id": "jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jacorb@2.3.0-1jpp.ep1.10.el4?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch"
},
"product_reference": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src"
},
"product_reference": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch"
},
"product_reference": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src"
},
"product_reference": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch"
},
"product_reference": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch"
},
"product_reference": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch"
},
"product_reference": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src"
},
"product_reference": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch"
},
"product_reference": "jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jacorb-0:2.3.0-1jpp.ep1.10.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.src"
},
"product_reference": "jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch"
},
"product_reference": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src"
},
"product_reference": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch"
},
"product_reference": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src"
},
"product_reference": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch"
},
"product_reference": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src"
},
"product_reference": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch"
},
"product_reference": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src"
},
"product_reference": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam-0:1.2.1-1.ep1.24.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.noarch"
},
"product_reference": "jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam-0:1.2.1-1.ep1.24.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.src"
},
"product_reference": "jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch"
},
"product_reference": "jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch"
},
"product_reference": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src"
},
"product_reference": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch"
},
"product_reference": "jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch"
},
"product_reference": "jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch"
},
"product_reference": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src"
},
"product_reference": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch"
},
"product_reference": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src"
},
"product_reference": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch"
},
"product_reference": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src"
},
"product_reference": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch"
},
"product_reference": "rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch"
},
"product_reference": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src"
},
"product_reference": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch"
},
"product_reference": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src"
},
"product_reference": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch"
},
"product_reference": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch"
},
"product_reference": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch"
},
"product_reference": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src"
},
"product_reference": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch"
},
"product_reference": "jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jacorb-0:2.3.0-1jpp.ep1.10.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.src"
},
"product_reference": "jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch"
},
"product_reference": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src"
},
"product_reference": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch"
},
"product_reference": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src"
},
"product_reference": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch"
},
"product_reference": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src"
},
"product_reference": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch"
},
"product_reference": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src"
},
"product_reference": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam-0:1.2.1-1.ep1.24.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.noarch"
},
"product_reference": "jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam-0:1.2.1-1.ep1.24.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.src"
},
"product_reference": "jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch"
},
"product_reference": "jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch"
},
"product_reference": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src"
},
"product_reference": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch"
},
"product_reference": "jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch"
},
"product_reference": "jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch"
},
"product_reference": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src"
},
"product_reference": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch"
},
"product_reference": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src"
},
"product_reference": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch"
},
"product_reference": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src"
},
"product_reference": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch"
},
"product_reference": "rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Stefano Di Paola",
"Giorgio Fedon"
],
"organization": "Minded Security"
}
],
"cve": "CVE-2010-0738",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"discovery_date": "2010-03-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "574105"
}
],
"notes": [
{
"category": "description",
"text": "The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application\u0027s GET handler by using a different method.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JBoss EAP jmx authentication bypass with crafted HTTP request",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4AS-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4AS-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4AS-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4AS-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4AS-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4AS-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4AS-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4AS-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4AS-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4AS-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"4AS-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"4AS-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"4AS-JBEAP:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4AS-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4AS-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4AS-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"4AS-JBEAP:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4ES-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4ES-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4ES-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4ES-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4ES-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4ES-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4ES-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4ES-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4ES-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4ES-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"4ES-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"4ES-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"4ES-JBEAP:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4ES-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4ES-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4ES-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"4ES-JBEAP:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-0738"
},
{
"category": "external",
"summary": "RHBZ#574105",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=574105"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-0738",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0738"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0738",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0738"
},
{
"category": "external",
"summary": "https://access.redhat.com/kb/docs/DOC-30741",
"url": "https://access.redhat.com/kb/docs/DOC-30741"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2010-04-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-04-27T03:19:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4AS-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4AS-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4AS-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4AS-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4AS-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4AS-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4AS-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4AS-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4AS-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4AS-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"4AS-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"4AS-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"4AS-JBEAP:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4AS-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4AS-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4AS-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"4AS-JBEAP:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4ES-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4ES-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4ES-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4ES-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4ES-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4ES-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4ES-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4ES-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4ES-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4ES-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"4ES-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"4ES-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"4ES-JBEAP:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4ES-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4ES-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4ES-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"4ES-JBEAP:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0376"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4AS-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4AS-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4AS-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4AS-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4AS-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4AS-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4AS-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4AS-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4AS-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4AS-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"4AS-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"4AS-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"4AS-JBEAP:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4AS-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4AS-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4AS-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"4AS-JBEAP:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4ES-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4ES-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4ES-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4ES-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4ES-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4ES-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4ES-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4ES-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4ES-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4ES-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"4ES-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"4ES-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"4ES-JBEAP:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4ES-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4ES-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4ES-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"4ES-JBEAP:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-05-25T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Critical"
}
],
"title": "JBoss EAP jmx authentication bypass with crafted HTTP request"
},
{
"cve": "CVE-2010-1428",
"discovery_date": "2010-03-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "585899"
}
],
"notes": [
{
"category": "description",
"text": "The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to obtain sensitive information via an unspecified request that uses a different method.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JBoss Application Server Web Console Authentication bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4AS-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4AS-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4AS-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4AS-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4AS-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4AS-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4AS-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4AS-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4AS-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4AS-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"4AS-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"4AS-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"4AS-JBEAP:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4AS-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4AS-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4AS-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"4AS-JBEAP:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4ES-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4ES-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4ES-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4ES-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4ES-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4ES-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4ES-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4ES-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4ES-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4ES-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"4ES-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"4ES-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"4ES-JBEAP:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4ES-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4ES-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4ES-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"4ES-JBEAP:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-1428"
},
{
"category": "external",
"summary": "RHBZ#585899",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=585899"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-1428",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1428"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-1428",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1428"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2010-04-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-04-27T03:19:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4AS-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4AS-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4AS-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4AS-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4AS-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4AS-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4AS-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4AS-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4AS-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4AS-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"4AS-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"4AS-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"4AS-JBEAP:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4AS-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4AS-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4AS-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"4AS-JBEAP:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4ES-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4ES-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4ES-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4ES-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4ES-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4ES-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4ES-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4ES-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4ES-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4ES-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"4ES-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"4ES-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"4ES-JBEAP:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4ES-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4ES-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4ES-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"4ES-JBEAP:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0376"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4AS-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4AS-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4AS-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4AS-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4AS-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4AS-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4AS-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4AS-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4AS-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4AS-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"4AS-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"4AS-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"4AS-JBEAP:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4AS-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4AS-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4AS-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"4AS-JBEAP:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4ES-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4ES-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4ES-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4ES-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4ES-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4ES-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4ES-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4ES-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4ES-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4ES-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"4ES-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"4ES-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"4ES-JBEAP:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4ES-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4ES-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4ES-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"4ES-JBEAP:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-05-25T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Low"
}
],
"title": "JBoss Application Server Web Console Authentication bypass"
},
{
"cve": "CVE-2010-1429",
"discovery_date": "2010-02-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "585900"
}
],
"notes": [
{
"category": "description",
"text": "Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about \"deployed web contexts\" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JBossEAP status servlet info leak",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4AS-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4AS-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4AS-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4AS-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4AS-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4AS-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4AS-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4AS-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4AS-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4AS-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"4AS-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"4AS-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"4AS-JBEAP:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4AS-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4AS-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4AS-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"4AS-JBEAP:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4ES-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4ES-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4ES-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4ES-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4ES-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4ES-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4ES-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4ES-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4ES-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4ES-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"4ES-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"4ES-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"4ES-JBEAP:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4ES-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4ES-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4ES-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"4ES-JBEAP:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-1429"
},
{
"category": "external",
"summary": "RHBZ#585900",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=585900"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-1429",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1429"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-1429",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1429"
}
],
"release_date": "2010-04-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-04-27T03:19:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4AS-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4AS-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4AS-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4AS-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4AS-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4AS-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4AS-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4AS-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4AS-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4AS-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"4AS-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"4AS-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"4AS-JBEAP:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4AS-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4AS-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4AS-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"4AS-JBEAP:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4ES-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4ES-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4ES-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4ES-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4ES-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4ES-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4ES-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4ES-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4ES-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4ES-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"4ES-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"4ES-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"4ES-JBEAP:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4ES-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4ES-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4ES-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"4ES-JBEAP:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0376"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4AS-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4AS-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4AS-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4AS-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4AS-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4AS-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4AS-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4AS-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4AS-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4AS-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"4AS-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"4AS-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"4AS-JBEAP:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4AS-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4AS-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4AS-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"4AS-JBEAP:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4ES-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4ES-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4ES-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4ES-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4ES-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4ES-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4ES-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4ES-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4ES-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4ES-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"4ES-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"4ES-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"4ES-JBEAP:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4ES-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4ES-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4ES-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"4ES-JBEAP:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "JBossEAP status servlet info leak"
}
]
}
rhsa-2010:0377
Vulnerability from csaf_redhat
Published
2010-04-27 03:39
Modified
2025-01-26 19:36
Summary
Red Hat Security Advisory: JBoss Enterprise Application Platform 4.3.0.CP08 update
Notes
Topic
Updated JBoss Enterprise Application Platform (JBEAP) 4.3 packages that fix
three security issues and multiple bugs are now available for Red Hat
Enterprise Linux 4 as JBEAP 4.3.0.CP08.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
JBoss Enterprise Application Platform is the market leading platform for
innovative and scalable Java applications; integrating the JBoss
Application Server, with JBoss Hibernate and JBoss Seam into a complete,
simple enterprise solution.
This release of JBEAP for Red Hat Enterprise Linux 4 serves as a
replacement to JBEAP 4.3.0.CP07.
These updated packages include multiple bug fixes which are detailed in the
Release Notes. The Release Notes will be available shortly from the link
in the References section.
The following security issues are also fixed with this release:
The JMX Console configuration only specified an authentication requirement
for requests that used the GET and POST HTTP "verbs". A remote attacker
could create an HTTP request that does not specify GET or POST, causing it
to be executed by the default GET handler without authentication. This
release contains a JMX Console with an updated configuration that no longer
specifies the HTTP verbs. This means that the authentication requirement is
applied to all requests. (CVE-2010-0738)
For the CVE-2010-0738 issue, if an immediate upgrade is not possible or the
server deployment has been customized, a manual fix can be applied. Refer
to the "Security" subsection of the "Issues fixed in this release" section
(JBPAPP-3952) of the JBEAP Release Notes, linked to in the References, for
details. Contact Red Hat JBoss Support for advice before making the changes
noted in the Release Notes.
Red Hat would like to thank Stefano Di Paola and Giorgio Fedon of Minded
Security for responsibly reporting the CVE-2010-0738 issue.
Unauthenticated access to the JBoss Application Server Web Console
(/web-console) is blocked by default. However, it was found that this block
was incomplete, and only blocked GET and POST HTTP verbs. A remote attacker
could use this flaw to gain access to sensitive information. This release
contains a Web Console with an updated configuration that now blocks all
unauthenticated access to it by default. (CVE-2010-1428)
The RHSA-2008:0826 update fixed an issue (CVE-2008-3273) where
unauthenticated users were able to access the status servlet; however, a
bug fix included in the RHSA-2009:0347 update re-introduced the issue. A
remote attacker could use this flaw to acquire details about deployed web
contexts. (CVE-2010-1429)
Warning: Before applying this update, please backup the JBEAP
"server/[configuration]/deploy/" directory, and any other customized
configuration files.
All users of JBEAP 4.3 on Red Hat Enterprise Linux 4 are advised to upgrade
to these updated packages.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated JBoss Enterprise Application Platform (JBEAP) 4.3 packages that fix\nthree security issues and multiple bugs are now available for Red Hat\nEnterprise Linux 4 as JBEAP 4.3.0.CP08.\n\nThe Red Hat Security Response Team has rated this update as having critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "JBoss Enterprise Application Platform is the market leading platform for\ninnovative and scalable Java applications; integrating the JBoss\nApplication Server, with JBoss Hibernate and JBoss Seam into a complete,\nsimple enterprise solution.\n\nThis release of JBEAP for Red Hat Enterprise Linux 4 serves as a\nreplacement to JBEAP 4.3.0.CP07.\n\nThese updated packages include multiple bug fixes which are detailed in the\nRelease Notes. The Release Notes will be available shortly from the link\nin the References section.\n\nThe following security issues are also fixed with this release:\n\nThe JMX Console configuration only specified an authentication requirement\nfor requests that used the GET and POST HTTP \"verbs\". A remote attacker\ncould create an HTTP request that does not specify GET or POST, causing it\nto be executed by the default GET handler without authentication. This\nrelease contains a JMX Console with an updated configuration that no longer\nspecifies the HTTP verbs. This means that the authentication requirement is\napplied to all requests. (CVE-2010-0738)\n\nFor the CVE-2010-0738 issue, if an immediate upgrade is not possible or the\nserver deployment has been customized, a manual fix can be applied. Refer\nto the \"Security\" subsection of the \"Issues fixed in this release\" section\n(JBPAPP-3952) of the JBEAP Release Notes, linked to in the References, for\ndetails. Contact Red Hat JBoss Support for advice before making the changes\nnoted in the Release Notes.\n\nRed Hat would like to thank Stefano Di Paola and Giorgio Fedon of Minded\nSecurity for responsibly reporting the CVE-2010-0738 issue.\n\nUnauthenticated access to the JBoss Application Server Web Console\n(/web-console) is blocked by default. However, it was found that this block\nwas incomplete, and only blocked GET and POST HTTP verbs. A remote attacker\ncould use this flaw to gain access to sensitive information. This release\ncontains a Web Console with an updated configuration that now blocks all\nunauthenticated access to it by default. (CVE-2010-1428)\n\nThe RHSA-2008:0826 update fixed an issue (CVE-2008-3273) where\nunauthenticated users were able to access the status servlet; however, a\nbug fix included in the RHSA-2009:0347 update re-introduced the issue. A\nremote attacker could use this flaw to acquire details about deployed web\ncontexts. (CVE-2010-1429)\n\nWarning: Before applying this update, please backup the JBEAP\n\"server/[configuration]/deploy/\" directory, and any other customized\nconfiguration files.\n\nAll users of JBEAP 4.3 on Red Hat Enterprise Linux 4 are advised to upgrade\nto these updated packages.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2010:0377",
"url": "https://access.redhat.com/errata/RHSA-2010:0377"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.3.0.cp08/html-single/Release_Notes/index.html",
"url": "http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.3.0.cp08/html-single/Release_Notes/index.html"
},
{
"category": "external",
"summary": "571828",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=571828"
},
{
"category": "external",
"summary": "574105",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=574105"
},
{
"category": "external",
"summary": "585899",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=585899"
},
{
"category": "external",
"summary": "585900",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=585900"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0377.json"
}
],
"title": "Red Hat Security Advisory: JBoss Enterprise Application Platform 4.3.0.CP08 update",
"tracking": {
"current_release_date": "2025-01-26T19:36:53+00:00",
"generator": {
"date": "2025-01-26T19:36:53+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.6"
}
},
"id": "RHSA-2010:0377",
"initial_release_date": "2010-04-27T03:39:00+00:00",
"revision_history": [
{
"date": "2010-04-27T03:39:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2010-04-26T23:39:07+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-01-26T19:36:53+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4"
}
}
},
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"product": {
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"product_id": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossts@4.2.3-1.SP5_CP09.1jpp.ep1.1.el4?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"product": {
"name": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"product_id": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossws@2.0.1-5.SP2_CP08.1.ep1.el4?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"product": {
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"product_id": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-aop@1.5.5-3.CP05.2.ep1.el4?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"product": {
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"product_id": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossweb@2.0.0-6.CP13.0jpp.ep1.1.el4?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"product": {
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"product_id": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-remoting@2.2.3-3.SP2.ep1.el4?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"product": {
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"product_id": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-cache@1.4.1-6.SP14.1.ep1.el4?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"product": {
"name": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"product_id": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-messaging@1.4.0-3.SP3_CP10.2.ep1.el4?arch=src"
}
}
},
{
"category": "product_version",
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"product": {
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"product_id": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3@3.2.4-1.SP1_CP10.0jpp.ep1.1.el4?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"product": {
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"product_id": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3-annotations@3.3.1-1.12.GA_CP03.ep1.el4?arch=src"
}
}
},
{
"category": "product_version",
"name": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"product": {
"name": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"product_id": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jakarta-commons-httpclient@3.0.1-1.patch01.1jpp.ep1.4.el4?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"product": {
"name": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"product_id": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hsqldb@1.8.0.8-3.patch03.1jpp.ep1.3.el4?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"product": {
"name": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"product_id": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-seam@1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"product": {
"name": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"product_id": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-seam2@2.0.2.FP-1.ep1.23.el4?arch=src"
}
}
},
{
"category": "product_version",
"name": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"product": {
"name": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"product_id": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-eap-docs@4.3.0-7.GA_CP08.ep1.6.el4?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"product": {
"name": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"product_id": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas@4.3.0-7.GA_CP08.5.ep1.el4?arch=src"
}
}
},
{
"category": "product_version",
"name": "jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"product": {
"name": "jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"product_id": "jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jacorb@2.3.0-1jpp.ep1.10.el4?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"product": {
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"product_id": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossts@4.2.3-1.SP5_CP09.1jpp.ep1.1.el4?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"product": {
"name": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"product_id": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossws@2.0.1-5.SP2_CP08.1.ep1.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"product": {
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"product_id": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-aop@1.5.5-3.CP05.2.ep1.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"product": {
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"product_id": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossweb@2.0.0-6.CP13.0jpp.ep1.1.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"product": {
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"product_id": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-remoting@2.2.3-3.SP2.ep1.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"product": {
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"product_id": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-cache@1.4.1-6.SP14.1.ep1.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"product": {
"name": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"product_id": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-messaging@1.4.0-3.SP3_CP10.2.ep1.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"product": {
"name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"product_id": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3-javadoc@3.2.4-1.SP1_CP10.0jpp.ep1.1.el4?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"product": {
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"product_id": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3@3.2.4-1.SP1_CP10.0jpp.ep1.1.el4?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"product": {
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"product_id": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3-annotations@3.3.1-1.12.GA_CP03.ep1.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"product": {
"name": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"product_id": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3-annotations-javadoc@3.3.1-1.12.GA_CP03.ep1.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"product": {
"name": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"product_id": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jakarta-commons-httpclient@3.0.1-1.patch01.1jpp.ep1.4.el4?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"product": {
"name": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"product_id": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hsqldb@1.8.0.8-3.patch03.1jpp.ep1.3.el4?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"product": {
"name": "jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"product_id": "jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-seam-docs@1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"product": {
"name": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"product_id": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-seam@1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"product": {
"name": "jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"product_id": "jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-seam2-docs@2.0.2.FP-1.ep1.23.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"product": {
"name": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"product_id": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-seam2@2.0.2.FP-1.ep1.23.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"product": {
"name": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"product_id": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-eap-docs@4.3.0-7.GA_CP08.ep1.6.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"product": {
"name": "rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"product_id": "rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-eap-docs-examples@4.3.0-7.GA_CP08.ep1.6.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"product": {
"name": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"product_id": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas@4.3.0-7.GA_CP08.5.ep1.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"product": {
"name": "jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"product_id": "jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-4.3.0.GA_CP08-bin@4.3.0-7.GA_CP08.5.ep1.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"product": {
"name": "jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"product_id": "jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-client@4.3.0-7.GA_CP08.5.ep1.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"product": {
"name": "jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"product_id": "jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jacorb@2.3.0-1jpp.ep1.10.el4?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch"
},
"product_reference": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src"
},
"product_reference": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch"
},
"product_reference": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src"
},
"product_reference": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch"
},
"product_reference": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch"
},
"product_reference": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch"
},
"product_reference": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src"
},
"product_reference": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch"
},
"product_reference": "jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jacorb-0:2.3.0-1jpp.ep1.10.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.src"
},
"product_reference": "jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch"
},
"product_reference": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src"
},
"product_reference": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch"
},
"product_reference": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src"
},
"product_reference": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch"
},
"product_reference": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src"
},
"product_reference": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch"
},
"product_reference": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src"
},
"product_reference": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch"
},
"product_reference": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src"
},
"product_reference": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch"
},
"product_reference": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src"
},
"product_reference": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch"
},
"product_reference": "jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch"
},
"product_reference": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src"
},
"product_reference": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch"
},
"product_reference": "jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch"
},
"product_reference": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src"
},
"product_reference": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch"
},
"product_reference": "jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch"
},
"product_reference": "jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch"
},
"product_reference": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src"
},
"product_reference": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch"
},
"product_reference": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src"
},
"product_reference": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch"
},
"product_reference": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src"
},
"product_reference": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch"
},
"product_reference": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src"
},
"product_reference": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch"
},
"product_reference": "rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch"
},
"product_reference": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src"
},
"product_reference": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch"
},
"product_reference": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src"
},
"product_reference": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch"
},
"product_reference": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch"
},
"product_reference": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch"
},
"product_reference": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src"
},
"product_reference": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch"
},
"product_reference": "jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jacorb-0:2.3.0-1jpp.ep1.10.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.src"
},
"product_reference": "jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch"
},
"product_reference": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src"
},
"product_reference": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch"
},
"product_reference": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src"
},
"product_reference": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch"
},
"product_reference": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src"
},
"product_reference": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch"
},
"product_reference": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src"
},
"product_reference": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch"
},
"product_reference": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src"
},
"product_reference": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch"
},
"product_reference": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src"
},
"product_reference": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch"
},
"product_reference": "jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch"
},
"product_reference": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src"
},
"product_reference": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch"
},
"product_reference": "jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch"
},
"product_reference": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src"
},
"product_reference": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch"
},
"product_reference": "jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch"
},
"product_reference": "jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch"
},
"product_reference": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src"
},
"product_reference": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch"
},
"product_reference": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src"
},
"product_reference": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch"
},
"product_reference": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src"
},
"product_reference": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch"
},
"product_reference": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src"
},
"product_reference": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch"
},
"product_reference": "rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Stefano Di Paola",
"Giorgio Fedon"
],
"organization": "Minded Security"
}
],
"cve": "CVE-2010-0738",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"discovery_date": "2010-03-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "574105"
}
],
"notes": [
{
"category": "description",
"text": "The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application\u0027s GET handler by using a different method.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JBoss EAP jmx authentication bypass with crafted HTTP request",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4AS-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4AS-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4AS-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4AS-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4AS-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4AS-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"4AS-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"4AS-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4ES-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4ES-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4ES-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4ES-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4ES-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4ES-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"4ES-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"4ES-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-0738"
},
{
"category": "external",
"summary": "RHBZ#574105",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=574105"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-0738",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0738"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0738",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0738"
},
{
"category": "external",
"summary": "https://access.redhat.com/kb/docs/DOC-30741",
"url": "https://access.redhat.com/kb/docs/DOC-30741"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2010-04-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-04-27T03:39:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4AS-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4AS-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4AS-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4AS-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4AS-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4AS-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"4AS-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"4AS-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4ES-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4ES-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4ES-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4ES-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4ES-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4ES-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"4ES-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"4ES-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0377"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4AS-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4AS-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4AS-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4AS-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4AS-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4AS-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"4AS-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"4AS-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4ES-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4ES-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4ES-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4ES-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4ES-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4ES-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"4ES-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"4ES-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-05-25T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Critical"
}
],
"title": "JBoss EAP jmx authentication bypass with crafted HTTP request"
},
{
"cve": "CVE-2010-1428",
"discovery_date": "2010-03-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "585899"
}
],
"notes": [
{
"category": "description",
"text": "The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to obtain sensitive information via an unspecified request that uses a different method.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JBoss Application Server Web Console Authentication bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4AS-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4AS-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4AS-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4AS-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4AS-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4AS-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"4AS-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"4AS-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4ES-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4ES-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4ES-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4ES-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4ES-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4ES-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"4ES-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"4ES-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-1428"
},
{
"category": "external",
"summary": "RHBZ#585899",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=585899"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-1428",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1428"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-1428",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1428"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2010-04-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-04-27T03:39:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4AS-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4AS-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4AS-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4AS-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4AS-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4AS-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"4AS-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"4AS-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4ES-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4ES-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4ES-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4ES-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4ES-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4ES-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"4ES-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"4ES-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0377"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4AS-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4AS-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4AS-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4AS-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4AS-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4AS-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"4AS-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"4AS-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4ES-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4ES-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4ES-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4ES-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4ES-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4ES-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"4ES-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"4ES-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-05-25T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Low"
}
],
"title": "JBoss Application Server Web Console Authentication bypass"
},
{
"cve": "CVE-2010-1429",
"discovery_date": "2010-02-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "585900"
}
],
"notes": [
{
"category": "description",
"text": "Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about \"deployed web contexts\" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JBossEAP status servlet info leak",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4AS-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4AS-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4AS-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4AS-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4AS-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4AS-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"4AS-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"4AS-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4ES-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4ES-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4ES-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4ES-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4ES-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4ES-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"4ES-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"4ES-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-1429"
},
{
"category": "external",
"summary": "RHBZ#585900",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=585900"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-1429",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1429"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-1429",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1429"
}
],
"release_date": "2010-04-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-04-27T03:39:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4AS-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4AS-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4AS-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4AS-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4AS-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4AS-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"4AS-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"4AS-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4ES-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4ES-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4ES-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4ES-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4ES-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4ES-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"4ES-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"4ES-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0377"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4AS-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4AS-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4AS-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4AS-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4AS-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4AS-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"4AS-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"4AS-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4ES-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4ES-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4ES-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4ES-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4ES-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4ES-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"4ES-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"4ES-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "JBossEAP status servlet info leak"
}
]
}
rhsa-2010:0378
Vulnerability from csaf_redhat
Published
2010-04-27 03:55
Modified
2025-01-26 19:36
Summary
Red Hat Security Advisory: JBoss Enterprise Application Platform 4.2.0.CP09 update
Notes
Topic
Updated JBoss Enterprise Application Platform (JBEAP) 4.2 packages that fix
three security issues and multiple bugs are now available for Red Hat
Enterprise Linux 5 as JBEAP 4.2.0.CP09.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
JBoss Enterprise Application Platform is the market leading platform for
innovative and scalable Java applications; integrating the JBoss
Application Server, with JBoss Hibernate and JBoss Seam into a complete,
simple enterprise solution.
This release of JBEAP for Red Hat Enterprise Linux 5 serves as a
replacement to JBEAP 4.2.0.CP08.
These updated packages include multiple bug fixes which are detailed in the
Release Notes. The Release Notes will be available shortly from the link
in the References section.
The following security issues are also fixed with this release:
The JMX Console configuration only specified an authentication requirement
for requests that used the GET and POST HTTP "verbs". A remote attacker
could create an HTTP request that does not specify GET or POST, causing it
to be executed by the default GET handler without authentication. This
release contains a JMX Console with an updated configuration that no longer
specifies the HTTP verbs. This means that the authentication requirement is
applied to all requests. (CVE-2010-0738)
For the CVE-2010-0738 issue, if an immediate upgrade is not possible or the
server deployment has been customized, a manual fix can be applied. Refer
to the "Security" subsection of the "Issues fixed in this release" section
(JBPAPP-3952) of the JBEAP Release Notes, linked to in the References, for
details. Contact Red Hat JBoss Support for advice before making the changes
noted in the Release Notes.
Red Hat would like to thank Stefano Di Paola and Giorgio Fedon of Minded
Security for responsibly reporting the CVE-2010-0738 issue.
Unauthenticated access to the JBoss Application Server Web Console
(/web-console) is blocked by default. However, it was found that this block
was incomplete, and only blocked GET and POST HTTP verbs. A remote attacker
could use this flaw to gain access to sensitive information. This release
contains a Web Console with an updated configuration that now blocks all
unauthenticated access to it by default. (CVE-2010-1428)
The RHSA-2008:0827 update fixed an issue (CVE-2008-3273) where
unauthenticated users were able to access the status servlet; however, a
bug fix included in the RHSA-2009:0348 update re-introduced the issue. A
remote attacker could use this flaw to acquire details about deployed web
contexts. (CVE-2010-1429)
Warning: Before applying this update, please backup the JBEAP
"server/[configuration]/deploy/" directory, and any other customized
configuration files.
All users of JBEAP 4.2 on Red Hat Enterprise Linux 5 are advised to upgrade
to these updated packages.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated JBoss Enterprise Application Platform (JBEAP) 4.2 packages that fix\nthree security issues and multiple bugs are now available for Red Hat\nEnterprise Linux 5 as JBEAP 4.2.0.CP09.\n\nThe Red Hat Security Response Team has rated this update as having critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "JBoss Enterprise Application Platform is the market leading platform for\ninnovative and scalable Java applications; integrating the JBoss\nApplication Server, with JBoss Hibernate and JBoss Seam into a complete,\nsimple enterprise solution.\n\nThis release of JBEAP for Red Hat Enterprise Linux 5 serves as a\nreplacement to JBEAP 4.2.0.CP08.\n\nThese updated packages include multiple bug fixes which are detailed in the\nRelease Notes. The Release Notes will be available shortly from the link\nin the References section.\n\nThe following security issues are also fixed with this release:\n\nThe JMX Console configuration only specified an authentication requirement\nfor requests that used the GET and POST HTTP \"verbs\". A remote attacker\ncould create an HTTP request that does not specify GET or POST, causing it\nto be executed by the default GET handler without authentication. This\nrelease contains a JMX Console with an updated configuration that no longer\nspecifies the HTTP verbs. This means that the authentication requirement is\napplied to all requests. (CVE-2010-0738)\n\nFor the CVE-2010-0738 issue, if an immediate upgrade is not possible or the\nserver deployment has been customized, a manual fix can be applied. Refer\nto the \"Security\" subsection of the \"Issues fixed in this release\" section\n(JBPAPP-3952) of the JBEAP Release Notes, linked to in the References, for\ndetails. Contact Red Hat JBoss Support for advice before making the changes\nnoted in the Release Notes.\n\nRed Hat would like to thank Stefano Di Paola and Giorgio Fedon of Minded\nSecurity for responsibly reporting the CVE-2010-0738 issue.\n\nUnauthenticated access to the JBoss Application Server Web Console\n(/web-console) is blocked by default. However, it was found that this block\nwas incomplete, and only blocked GET and POST HTTP verbs. A remote attacker\ncould use this flaw to gain access to sensitive information. This release\ncontains a Web Console with an updated configuration that now blocks all\nunauthenticated access to it by default. (CVE-2010-1428)\n\nThe RHSA-2008:0827 update fixed an issue (CVE-2008-3273) where\nunauthenticated users were able to access the status servlet; however, a\nbug fix included in the RHSA-2009:0348 update re-introduced the issue. A\nremote attacker could use this flaw to acquire details about deployed web\ncontexts. (CVE-2010-1429)\n\nWarning: Before applying this update, please backup the JBEAP\n\"server/[configuration]/deploy/\" directory, and any other customized\nconfiguration files.\n\nAll users of JBEAP 4.2 on Red Hat Enterprise Linux 5 are advised to upgrade\nto these updated packages.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2010:0378",
"url": "https://access.redhat.com/errata/RHSA-2010:0378"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.2.0.cp09/html-single/Release_Notes/index.html",
"url": "http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.2.0.cp09/html-single/Release_Notes/index.html"
},
{
"category": "external",
"summary": "571835",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=571835"
},
{
"category": "external",
"summary": "574105",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=574105"
},
{
"category": "external",
"summary": "585899",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=585899"
},
{
"category": "external",
"summary": "585900",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=585900"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0378.json"
}
],
"title": "Red Hat Security Advisory: JBoss Enterprise Application Platform 4.2.0.CP09 update",
"tracking": {
"current_release_date": "2025-01-26T19:36:59+00:00",
"generator": {
"date": "2025-01-26T19:36:59+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.6"
}
},
"id": "RHSA-2010:0378",
"initial_release_date": "2010-04-27T03:55:00+00:00",
"revision_history": [
{
"date": "2010-04-27T03:55:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2010-04-26T23:55:18+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-01-26T19:36:59+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"product": {
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"product_id": "jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-aop@1.5.5-3.CP05.2.ep1.1.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"product": {
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"product_id": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3@3.2.4-1.SP1_CP10.0jpp.ep1.1.el5?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"product": {
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"product_id": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3-annotations@3.3.1-1.12.GA_CP03.ep1.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"product": {
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"product_id": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossweb@2.0.0-6.CP13.0jpp.ep1.1.1.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"product": {
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"product_id": "jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-remoting@2.2.3-3.SP2.ep1.1.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"product": {
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"product_id": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossts@4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"product": {
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"product_id": "jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-cache@1.4.1-6.SP14.1.ep1.1.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.src",
"product": {
"name": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.src",
"product_id": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas@4.2.0-6.GA_CP09.6.ep1.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-seam-0:1.2.1-1.ep1.24.el5.src",
"product": {
"name": "jboss-seam-0:1.2.1-1.ep1.24.el5.src",
"product_id": "jboss-seam-0:1.2.1-1.ep1.24.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-seam@1.2.1-1.ep1.24.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.src",
"product": {
"name": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.src",
"product_id": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-eap-docs@4.2.0-7.GA_CP09.ep1.4.1.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"product": {
"name": "jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"product_id": "jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jacorb@2.3.0-1jpp.ep1.10.1.el5?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"product": {
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"product_id": "jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-aop@1.5.5-3.CP05.2.ep1.1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"product": {
"name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"product_id": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3-javadoc@3.2.4-1.SP1_CP10.0jpp.ep1.1.el5?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"product": {
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"product_id": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3@3.2.4-1.SP1_CP10.0jpp.ep1.1.el5?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"product": {
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"product_id": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3-annotations@3.3.1-1.12.GA_CP03.ep1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"product": {
"name": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"product_id": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3-annotations-javadoc@3.3.1-1.12.GA_CP03.ep1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"product": {
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"product_id": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossweb@2.0.0-6.CP13.0jpp.ep1.1.1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"product": {
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"product_id": "jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-remoting@2.2.3-3.SP2.ep1.1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"product": {
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"product_id": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossts@4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"product": {
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"product_id": "jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-cache@1.4.1-6.SP14.1.ep1.1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"product": {
"name": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"product_id": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas@4.2.0-6.GA_CP09.6.ep1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"product": {
"name": "jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"product_id": "jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-4.2.0.GA_CP09-bin@4.2.0-6.GA_CP09.6.ep1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"product": {
"name": "jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"product_id": "jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-client@4.2.0-6.GA_CP09.6.ep1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-seam-docs-0:1.2.1-1.ep1.24.el5.noarch",
"product": {
"name": "jboss-seam-docs-0:1.2.1-1.ep1.24.el5.noarch",
"product_id": "jboss-seam-docs-0:1.2.1-1.ep1.24.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-seam-docs@1.2.1-1.ep1.24.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-seam-0:1.2.1-1.ep1.24.el5.noarch",
"product": {
"name": "jboss-seam-0:1.2.1-1.ep1.24.el5.noarch",
"product_id": "jboss-seam-0:1.2.1-1.ep1.24.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-seam@1.2.1-1.ep1.24.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch",
"product": {
"name": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch",
"product_id": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-eap-docs@4.2.0-7.GA_CP09.ep1.4.1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch",
"product": {
"name": "rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch",
"product_id": "rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-eap-docs-examples@4.2.0-7.GA_CP09.ep1.4.1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"product": {
"name": "jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"product_id": "jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jacorb@2.3.0-1jpp.ep1.10.1.el5?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch"
},
"product_reference": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src"
},
"product_reference": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch"
},
"product_reference": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src"
},
"product_reference": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch"
},
"product_reference": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch"
},
"product_reference": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch"
},
"product_reference": "jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src"
},
"product_reference": "jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch"
},
"product_reference": "jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src"
},
"product_reference": "jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch"
},
"product_reference": "jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src"
},
"product_reference": "jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch"
},
"product_reference": "jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src"
},
"product_reference": "jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam-0:1.2.1-1.ep1.24.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.24.el5.noarch"
},
"product_reference": "jboss-seam-0:1.2.1-1.ep1.24.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam-0:1.2.1-1.ep1.24.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.24.el5.src"
},
"product_reference": "jboss-seam-0:1.2.1-1.ep1.24.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam-docs-0:1.2.1-1.ep1.24.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:jboss-seam-docs-0:1.2.1-1.ep1.24.el5.noarch"
},
"product_reference": "jboss-seam-docs-0:1.2.1-1.ep1.24.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch"
},
"product_reference": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.src"
},
"product_reference": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch"
},
"product_reference": "jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch"
},
"product_reference": "jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch"
},
"product_reference": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src"
},
"product_reference": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch"
},
"product_reference": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src"
},
"product_reference": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch"
},
"product_reference": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.src"
},
"product_reference": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch"
},
"product_reference": "rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Stefano Di Paola",
"Giorgio Fedon"
],
"organization": "Minded Security"
}
],
"cve": "CVE-2010-0738",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"discovery_date": "2010-03-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "574105"
}
],
"notes": [
{
"category": "description",
"text": "The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application\u0027s GET handler by using a different method.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JBoss EAP jmx authentication bypass with crafted HTTP request",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"5Server-JBEAP-4.2.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.24.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.24.el5.src",
"5Server-JBEAP-4.2.0:jboss-seam-docs-0:1.2.1-1.ep1.24.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.src",
"5Server-JBEAP-4.2.0:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch",
"5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.src",
"5Server-JBEAP-4.2.0:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-0738"
},
{
"category": "external",
"summary": "RHBZ#574105",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=574105"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-0738",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0738"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0738",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0738"
},
{
"category": "external",
"summary": "https://access.redhat.com/kb/docs/DOC-30741",
"url": "https://access.redhat.com/kb/docs/DOC-30741"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2010-04-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-04-27T03:55:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"5Server-JBEAP-4.2.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.24.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.24.el5.src",
"5Server-JBEAP-4.2.0:jboss-seam-docs-0:1.2.1-1.ep1.24.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.src",
"5Server-JBEAP-4.2.0:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch",
"5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.src",
"5Server-JBEAP-4.2.0:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0378"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"5Server-JBEAP-4.2.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.24.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.24.el5.src",
"5Server-JBEAP-4.2.0:jboss-seam-docs-0:1.2.1-1.ep1.24.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.src",
"5Server-JBEAP-4.2.0:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch",
"5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.src",
"5Server-JBEAP-4.2.0:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-05-25T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Critical"
}
],
"title": "JBoss EAP jmx authentication bypass with crafted HTTP request"
},
{
"cve": "CVE-2010-1428",
"discovery_date": "2010-03-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "585899"
}
],
"notes": [
{
"category": "description",
"text": "The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to obtain sensitive information via an unspecified request that uses a different method.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JBoss Application Server Web Console Authentication bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"5Server-JBEAP-4.2.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.24.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.24.el5.src",
"5Server-JBEAP-4.2.0:jboss-seam-docs-0:1.2.1-1.ep1.24.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.src",
"5Server-JBEAP-4.2.0:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch",
"5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.src",
"5Server-JBEAP-4.2.0:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-1428"
},
{
"category": "external",
"summary": "RHBZ#585899",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=585899"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-1428",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1428"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-1428",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1428"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2010-04-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-04-27T03:55:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"5Server-JBEAP-4.2.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.24.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.24.el5.src",
"5Server-JBEAP-4.2.0:jboss-seam-docs-0:1.2.1-1.ep1.24.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.src",
"5Server-JBEAP-4.2.0:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch",
"5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.src",
"5Server-JBEAP-4.2.0:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0378"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"5Server-JBEAP-4.2.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.24.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.24.el5.src",
"5Server-JBEAP-4.2.0:jboss-seam-docs-0:1.2.1-1.ep1.24.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.src",
"5Server-JBEAP-4.2.0:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch",
"5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.src",
"5Server-JBEAP-4.2.0:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-05-25T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Low"
}
],
"title": "JBoss Application Server Web Console Authentication bypass"
},
{
"cve": "CVE-2010-1429",
"discovery_date": "2010-02-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "585900"
}
],
"notes": [
{
"category": "description",
"text": "Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about \"deployed web contexts\" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JBossEAP status servlet info leak",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"5Server-JBEAP-4.2.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.24.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.24.el5.src",
"5Server-JBEAP-4.2.0:jboss-seam-docs-0:1.2.1-1.ep1.24.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.src",
"5Server-JBEAP-4.2.0:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch",
"5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.src",
"5Server-JBEAP-4.2.0:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-1429"
},
{
"category": "external",
"summary": "RHBZ#585900",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=585900"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-1429",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1429"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-1429",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1429"
}
],
"release_date": "2010-04-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-04-27T03:55:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"5Server-JBEAP-4.2.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.24.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.24.el5.src",
"5Server-JBEAP-4.2.0:jboss-seam-docs-0:1.2.1-1.ep1.24.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.src",
"5Server-JBEAP-4.2.0:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch",
"5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.src",
"5Server-JBEAP-4.2.0:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0378"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"5Server-JBEAP-4.2.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.24.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.24.el5.src",
"5Server-JBEAP-4.2.0:jboss-seam-docs-0:1.2.1-1.ep1.24.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.src",
"5Server-JBEAP-4.2.0:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch",
"5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.src",
"5Server-JBEAP-4.2.0:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "JBossEAP status servlet info leak"
}
]
}
ghsa-72pp-v9jm-c6xj
Vulnerability from github
Published
2022-05-02 06:15
Modified
2024-06-28 18:31
Severity ?
VLAI Severity ?
Details
The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method.
{
"affected": [],
"aliases": [
"CVE-2010-0738"
],
"database_specific": {
"cwe_ids": [
"CWE-749"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2010-04-28T22:30:00Z",
"severity": "MODERATE"
},
"details": "The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application\u0027s GET handler by using a different method.",
"id": "GHSA-72pp-v9jm-c6xj",
"modified": "2024-06-28T18:31:40Z",
"published": "2022-05-02T06:15:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0738"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2010:0376"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2010:0377"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2010:0378"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2010:0379"
},
{
"type": "WEB",
"url": "https://access.redhat.com/kb/docs/DOC-30741"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2010-0738"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=574105"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58147"
},
{
"type": "WEB",
"url": "https://rhn.redhat.com/errata/RHSA-2010-0376.html"
},
{
"type": "WEB",
"url": "https://rhn.redhat.com/errata/RHSA-2010-0377.html"
},
{
"type": "WEB",
"url": "https://rhn.redhat.com/errata/RHSA-2010-0378.html"
},
{
"type": "WEB",
"url": "https://rhn.redhat.com/errata/RHSA-2010-0379.html"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=132129312609324\u0026w=2"
},
{
"type": "WEB",
"url": "http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=35"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/39563"
},
{
"type": "WEB",
"url": "http://securityreason.com/securityalert/8408"
},
{
"type": "WEB",
"url": "http://securitytracker.com/id?1023918"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/39710"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2010/0992"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
fkie_cve-2010-0738
Vulnerability from fkie_nvd
Published
2010-04-28 22:30
Modified
2025-04-11 00:51
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://marc.info/?l=bugtraq&m=132129312609324&w=2 | Exploit, Mailing List | |
| secalert@redhat.com | http://marc.info/?l=bugtraq&m=132129312609324&w=2 | Exploit, Mailing List | |
| secalert@redhat.com | http://marc.info/?l=bugtraq&m=132129312609324&w=2 | Exploit, Mailing List | |
| secalert@redhat.com | http://marc.info/?l=bugtraq&m=132129312609324&w=2 | Exploit, Mailing List | |
| secalert@redhat.com | http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=35 | Third Party Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/39563 | Broken Link, Vendor Advisory | |
| secalert@redhat.com | http://securityreason.com/securityalert/8408 | Broken Link | |
| secalert@redhat.com | http://securitytracker.com/id?1023918 | Broken Link, Third Party Advisory, VDB Entry | |
| secalert@redhat.com | http://www.securityfocus.com/bid/39710 | Broken Link, Third Party Advisory, VDB Entry | |
| secalert@redhat.com | http://www.vupen.com/english/advisories/2010/0992 | Broken Link, Vendor Advisory | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=574105 | Issue Tracking | |
| secalert@redhat.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/58147 | Third Party Advisory, VDB Entry | |
| secalert@redhat.com | https://rhn.redhat.com/errata/RHSA-2010-0376.html | Broken Link | |
| secalert@redhat.com | https://rhn.redhat.com/errata/RHSA-2010-0377.html | Broken Link | |
| secalert@redhat.com | https://rhn.redhat.com/errata/RHSA-2010-0378.html | Broken Link | |
| secalert@redhat.com | https://rhn.redhat.com/errata/RHSA-2010-0379.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=132129312609324&w=2 | Exploit, Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=132129312609324&w=2 | Exploit, Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=132129312609324&w=2 | Exploit, Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=132129312609324&w=2 | Exploit, Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=35 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/39563 | Broken Link, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/8408 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1023918 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/39710 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/0992 | Broken Link, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=574105 | Issue Tracking | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/58147 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://rhn.redhat.com/errata/RHSA-2010-0376.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://rhn.redhat.com/errata/RHSA-2010-0377.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://rhn.redhat.com/errata/RHSA-2010-0378.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://rhn.redhat.com/errata/RHSA-2010-0379.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | jboss_enterprise_application_platform | 4.2.0 | |
| redhat | jboss_enterprise_application_platform | 4.3.0 |
{
"cisaActionDue": "2022-06-15",
"cisaExploitAdd": "2022-05-25",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Red Hat JBoss Authentication Bypass Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:-:*:*:*:*:*:*",
"matchCriteriaId": "0D3EADF4-5496-4F5F-B0A6-DBF959C4D7B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:-:*:*:*:*:*:*",
"matchCriteriaId": "FE2A6BEF-2917-437C-A1D5-EE1601FC0A5F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application\u0027s GET handler by using a different method."
},
{
"lang": "es",
"value": "La aplicaci\u00f3n web JMX-Console en JBossAs en Red Hat JBoss Enterprise Application Platform (conocido como JBoss EAP o JBEAP) v4.2 anterior v4.2.0.CP09 y v4.3 anterior v4.3.0.CP08 realiza un control de acceso s\u00f3lo para los m\u00e9todos GET y POST, lo que permite a a atacantes remotos enviar peticiones en el manejador GET de la aplicaci\u00f3n que usan un m\u00e9todo diferente. \r\n"
}
],
"id": "CVE-2010-0738",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2010-04-28T22:30:00.447",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Mailing List"
],
"url": "http://marc.info/?l=bugtraq\u0026m=132129312609324\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Mailing List"
],
"url": "http://marc.info/?l=bugtraq\u0026m=132129312609324\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Mailing List"
],
"url": "http://marc.info/?l=bugtraq\u0026m=132129312609324\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Mailing List"
],
"url": "http://marc.info/?l=bugtraq\u0026m=132129312609324\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=35"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39563"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://securityreason.com/securityalert/8408"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://securitytracker.com/id?1023918"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/39710"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0992"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=574105"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58147"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0376.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0377.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0378.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0379.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List"
],
"url": "http://marc.info/?l=bugtraq\u0026m=132129312609324\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List"
],
"url": "http://marc.info/?l=bugtraq\u0026m=132129312609324\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List"
],
"url": "http://marc.info/?l=bugtraq\u0026m=132129312609324\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List"
],
"url": "http://marc.info/?l=bugtraq\u0026m=132129312609324\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=35"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39563"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://securityreason.com/securityalert/8408"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://securitytracker.com/id?1023918"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/39710"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0992"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=574105"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58147"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0376.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0377.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0378.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0379.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-749"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…