Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2010-1429
Vulnerability from cvelistv5
Published
2010-04-28 22:00
Modified
2024-08-07 01:21
Severity ?
EPSS score ?
Summary
Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:21:19.049Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2010:0379",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0379.html"
},
{
"name": "RHSA-2010:0378",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0378.html"
},
{
"name": "HPSBMU02736",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=132698550418872\u0026w=2"
},
{
"name": "RHSA-2010:0376",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0376.html"
},
{
"name": "RHSA-2010:0377",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0377.html"
},
{
"name": "jboss-status-servlet-information-disclosure(58149)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58149"
},
{
"name": "SSRT100699",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=132698550418872\u0026w=2"
},
{
"name": "ADV-2010-0992",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0992"
},
{
"name": "44009",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/44009/"
},
{
"name": "39710",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/39710"
},
{
"name": "39563",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39563"
},
{
"name": "1023918",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1023918"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=585900"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-04-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about \"deployed web contexts\" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-12T10:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2010:0379",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0379.html"
},
{
"name": "RHSA-2010:0378",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0378.html"
},
{
"name": "HPSBMU02736",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=132698550418872\u0026w=2"
},
{
"name": "RHSA-2010:0376",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0376.html"
},
{
"name": "RHSA-2010:0377",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0377.html"
},
{
"name": "jboss-status-servlet-information-disclosure(58149)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58149"
},
{
"name": "SSRT100699",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=132698550418872\u0026w=2"
},
{
"name": "ADV-2010-0992",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0992"
},
{
"name": "44009",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/44009/"
},
{
"name": "39710",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/39710"
},
{
"name": "39563",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39563"
},
{
"name": "1023918",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1023918"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=585900"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-1429",
"datePublished": "2010-04-28T22:00:00",
"dateReserved": "2010-04-15T00:00:00",
"dateUpdated": "2024-08-07T01:21:19.049Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2010-1429\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2010-04-28T22:30:00.840\",\"lastModified\":\"2024-11-21T01:14:23.987\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about \\\"deployed web contexts\\\" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression.\"},{\"lang\":\"es\",\"value\":\"Plataforma de aplicaci\u00f3n Red Hat JBoss Enterprise (conocido como JBoss EAP r JBEAP) v4.2 anterior v4.2.0.CP09 y v4.3 anterior v4.3.0.CP08 permite a atacantes remotos obtener informaci\u00f3n sensible \\\"deployed web contexts\\\" (Contextos web desarrollados) a trav\u00e9s de peticiones a servlet de estado, como quedo demostrado con una petici\u00f3n de cadena con full=true. NOTA: esta vulnerabilidad est\u00e1 provocada por una regresi\u00f3n del CVE-2008-3273.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:*:cp08:*:*:*:*:*:*\",\"versionEndIncluding\":\"4.2.0\",\"matchCriteriaId\":\"E8E0B7BE-9F4D-4083-B08A-13CA20422820\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:*:cp07:*:*:*:*:*:*\",\"versionEndIncluding\":\"4.3.0\",\"matchCriteriaId\":\"4906489F-828A-4351-8D5B-A989CED8E4A5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9830D64-C46F-4423-BE0B-0B1FDB765D62\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp01:*:*:*:*:*:*\",\"matchCriteriaId\":\"599FBAC3-2E83-443B-AACB-99BBA896CB19\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp02:*:*:*:*:*:*\",\"matchCriteriaId\":\"43590B58-A1C7-4105-A00F-6C4F46A6CC5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp03:*:*:*:*:*:*\",\"matchCriteriaId\":\"A44F907E-AE57-4213-B001-A23319B72CF8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp04:*:*:*:*:*:*\",\"matchCriteriaId\":\"243ED156-851C-4897-AF59-86FCA5C9C66F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp05:*:*:*:*:*:*\",\"matchCriteriaId\":\"125BF8B0-AF1B-4FB1-9D41-D9FB30AE23FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp06:*:*:*:*:*:*\",\"matchCriteriaId\":\"A3E7C299-8A2D-4733-98AC-F6FA37CC1C6C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp07:*:*:*:*:*:*\",\"matchCriteriaId\":\"7398F80B-8318-40E7-A0EE-6CCF7E066C03\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D4816097-6982-4FBA-BD34-3D24BCA5A56A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp01:*:*:*:*:*:*\",\"matchCriteriaId\":\"2B3E4026-F98E-4AEB-9FE1-4FFBBF44AC55\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp02:*:*:*:*:*:*\",\"matchCriteriaId\":\"960A513A-CAFC-4B3D-ABD7-4659CF545C73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp03:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2D8DC6D-5E39-4A53-8BB8-F998706D573F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp04:*:*:*:*:*:*\",\"matchCriteriaId\":\"3AA2D64E-D7E7-400D-AC7E-CB2045750791\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp05:*:*:*:*:*:*\",\"matchCriteriaId\":\"197F047B-E11C-4B79-B6C4-79B2C278A33F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp06:*:*:*:*:*:*\",\"matchCriteriaId\":\"CCE383FE-3C03-4B4F-A2E6-AD673F8A44FE\"}]}]}],\"references\":[{\"url\":\"http://marc.info/?l=bugtraq\u0026m=132698550418872\u0026w=2\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=132698550418872\u0026w=2\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/39563\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1023918\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/39710\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/0992\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=585900\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/58149\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://rhn.redhat.com/errata/RHSA-2010-0376.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://rhn.redhat.com/errata/RHSA-2010-0377.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://rhn.redhat.com/errata/RHSA-2010-0378.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://rhn.redhat.com/errata/RHSA-2010-0379.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/44009/\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=132698550418872\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=132698550418872\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/39563\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1023918\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/39710\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/0992\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=585900\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/58149\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://rhn.redhat.com/errata/RHSA-2010-0376.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://rhn.redhat.com/errata/RHSA-2010-0377.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://rhn.redhat.com/errata/RHSA-2010-0378.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://rhn.redhat.com/errata/RHSA-2010-0379.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/44009/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
rhsa-2010_0379
Vulnerability from csaf_redhat
Published
2010-04-27 04:15
Modified
2024-11-22 03:20
Summary
Red Hat Security Advisory: JBoss Enterprise Application Platform 4.3.0.CP08 update
Notes
Topic
Updated JBoss Enterprise Application Platform (JBEAP) 4.3 packages that fix
three security issues and multiple bugs are now available for Red Hat
Enterprise Linux 5 as JBEAP 4.3.0.CP08.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
JBoss Enterprise Application Platform is the market leading platform for
innovative and scalable Java applications; integrating the JBoss
Application Server, with JBoss Hibernate and JBoss Seam into a complete,
simple enterprise solution.
This release of JBEAP for Red Hat Enterprise Linux 5 serves as a
replacement to JBEAP 4.3.0.CP07.
These updated packages include multiple bug fixes which are detailed in the
Release Notes. The Release Notes will be available shortly from the link
in the References section.
The following security issues are also fixed with this release:
The JMX Console configuration only specified an authentication requirement
for requests that used the GET and POST HTTP "verbs". A remote attacker
could create an HTTP request that does not specify GET or POST, causing it
to be executed by the default GET handler without authentication. This
release contains a JMX Console with an updated configuration that no longer
specifies the HTTP verbs. This means that the authentication requirement is
applied to all requests. (CVE-2010-0738)
For the CVE-2010-0738 issue, if an immediate upgrade is not possible or the
server deployment has been customized, a manual fix can be applied. Refer
to the "Security" subsection of the "Issues fixed in this release" section
(JBPAPP-3952) of the JBEAP Release Notes, linked to in the References, for
details. Contact Red Hat JBoss Support for advice before making the changes
noted in the Release Notes.
Red Hat would like to thank Stefano Di Paola and Giorgio Fedon of Minded
Security for responsibly reporting the CVE-2010-0738 issue.
Unauthenticated access to the JBoss Application Server Web Console
(/web-console) is blocked by default. However, it was found that this block
was incomplete, and only blocked GET and POST HTTP verbs. A remote attacker
could use this flaw to gain access to sensitive information. This release
contains a Web Console with an updated configuration that now blocks all
unauthenticated access to it by default. (CVE-2010-1428)
The RHSA-2008:0828 update fixed an issue (CVE-2008-3273) where
unauthenticated users were able to access the status servlet; however, a
bug fix included in the RHSA-2009:0349 update re-introduced the issue. A
remote attacker could use this flaw to acquire details about deployed web
contexts. (CVE-2010-1429)
Warning: Before applying this update, please backup the JBEAP
"server/[configuration]/deploy/" directory, and any other customized
configuration files.
All users of JBEAP 4.3 on Red Hat Enterprise Linux 5 are advised to upgrade
to these updated packages.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated JBoss Enterprise Application Platform (JBEAP) 4.3 packages that fix\nthree security issues and multiple bugs are now available for Red Hat\nEnterprise Linux 5 as JBEAP 4.3.0.CP08.\n\nThe Red Hat Security Response Team has rated this update as having critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "JBoss Enterprise Application Platform is the market leading platform for\ninnovative and scalable Java applications; integrating the JBoss\nApplication Server, with JBoss Hibernate and JBoss Seam into a complete,\nsimple enterprise solution.\n\nThis release of JBEAP for Red Hat Enterprise Linux 5 serves as a\nreplacement to JBEAP 4.3.0.CP07.\n\nThese updated packages include multiple bug fixes which are detailed in the\nRelease Notes. The Release Notes will be available shortly from the link\nin the References section.\n\nThe following security issues are also fixed with this release:\n\nThe JMX Console configuration only specified an authentication requirement\nfor requests that used the GET and POST HTTP \"verbs\". A remote attacker\ncould create an HTTP request that does not specify GET or POST, causing it\nto be executed by the default GET handler without authentication. This\nrelease contains a JMX Console with an updated configuration that no longer\nspecifies the HTTP verbs. This means that the authentication requirement is\napplied to all requests. (CVE-2010-0738)\n\nFor the CVE-2010-0738 issue, if an immediate upgrade is not possible or the\nserver deployment has been customized, a manual fix can be applied. Refer\nto the \"Security\" subsection of the \"Issues fixed in this release\" section\n(JBPAPP-3952) of the JBEAP Release Notes, linked to in the References, for\ndetails. Contact Red Hat JBoss Support for advice before making the changes\nnoted in the Release Notes.\n\nRed Hat would like to thank Stefano Di Paola and Giorgio Fedon of Minded\nSecurity for responsibly reporting the CVE-2010-0738 issue.\n\nUnauthenticated access to the JBoss Application Server Web Console\n(/web-console) is blocked by default. However, it was found that this block\nwas incomplete, and only blocked GET and POST HTTP verbs. A remote attacker\ncould use this flaw to gain access to sensitive information. This release\ncontains a Web Console with an updated configuration that now blocks all\nunauthenticated access to it by default. (CVE-2010-1428)\n\nThe RHSA-2008:0828 update fixed an issue (CVE-2008-3273) where\nunauthenticated users were able to access the status servlet; however, a\nbug fix included in the RHSA-2009:0349 update re-introduced the issue. A\nremote attacker could use this flaw to acquire details about deployed web\ncontexts. (CVE-2010-1429)\n\nWarning: Before applying this update, please backup the JBEAP\n\"server/[configuration]/deploy/\" directory, and any other customized\nconfiguration files.\n\nAll users of JBEAP 4.3 on Red Hat Enterprise Linux 5 are advised to upgrade\nto these updated packages.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2010:0379",
"url": "https://access.redhat.com/errata/RHSA-2010:0379"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.3.0.cp08/html-single/Release_Notes/index.html",
"url": "http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.3.0.cp08/html-single/Release_Notes/index.html"
},
{
"category": "external",
"summary": "571905",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=571905"
},
{
"category": "external",
"summary": "574105",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=574105"
},
{
"category": "external",
"summary": "585899",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=585899"
},
{
"category": "external",
"summary": "585900",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=585900"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0379.json"
}
],
"title": "Red Hat Security Advisory: JBoss Enterprise Application Platform 4.3.0.CP08 update",
"tracking": {
"current_release_date": "2024-11-22T03:20:13+00:00",
"generator": {
"date": "2024-11-22T03:20:13+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2010:0379",
"initial_release_date": "2010-04-27T04:15:00+00:00",
"revision_history": [
{
"date": "2010-04-27T04:15:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2010-04-27T00:15:45+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T03:20:13+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"product": {
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"product_id": "jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-aop@1.5.5-3.CP05.2.ep1.1.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.src",
"product": {
"name": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.src",
"product_id": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossws@2.0.1-5.SP2_CP08.1.ep1.1.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"product": {
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"product_id": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3@3.2.4-1.SP1_CP10.0jpp.ep1.1.el5?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"product": {
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"product_id": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3-annotations@3.3.1-1.12.GA_CP03.ep1.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"product": {
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"product_id": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossweb@2.0.0-6.CP13.0jpp.ep1.1.1.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"product": {
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"product_id": "jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-remoting@2.2.3-3.SP2.ep1.1.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"product": {
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"product_id": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossts@4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"product": {
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"product_id": "jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-cache@1.4.1-6.SP14.1.ep1.1.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.src",
"product": {
"name": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.src",
"product_id": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-messaging@1.4.0-3.SP3_CP10.2.ep1.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.src",
"product": {
"name": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.src",
"product_id": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-eap-docs@4.3.0-7.GA_CP08.ep1.5.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.src",
"product": {
"name": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.src",
"product_id": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas@4.3.0-7.GA_CP08.5.ep1.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.src",
"product": {
"name": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.src",
"product_id": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-seam@1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.src",
"product": {
"name": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.src",
"product_id": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-seam2@2.0.2.FP-1.ep1.23.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"product": {
"name": "jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"product_id": "jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jacorb@2.3.0-1jpp.ep1.10.1.el5?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"product": {
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"product_id": "jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-aop@1.5.5-3.CP05.2.ep1.1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.noarch",
"product": {
"name": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.noarch",
"product_id": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossws@2.0.1-5.SP2_CP08.1.ep1.1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"product": {
"name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"product_id": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3-javadoc@3.2.4-1.SP1_CP10.0jpp.ep1.1.el5?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"product": {
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"product_id": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3@3.2.4-1.SP1_CP10.0jpp.ep1.1.el5?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"product": {
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"product_id": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3-annotations@3.3.1-1.12.GA_CP03.ep1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"product": {
"name": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"product_id": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3-annotations-javadoc@3.3.1-1.12.GA_CP03.ep1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"product": {
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"product_id": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossweb@2.0.0-6.CP13.0jpp.ep1.1.1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"product": {
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"product_id": "jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-remoting@2.2.3-3.SP2.ep1.1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"product": {
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"product_id": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossts@4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"product": {
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"product_id": "jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-cache@1.4.1-6.SP14.1.ep1.1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.noarch",
"product": {
"name": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.noarch",
"product_id": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-messaging@1.4.0-3.SP3_CP10.2.ep1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch",
"product": {
"name": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch",
"product_id": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-eap-docs@4.3.0-7.GA_CP08.ep1.5.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch",
"product": {
"name": "rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch",
"product_id": "rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-eap-docs-examples@4.3.0-7.GA_CP08.ep1.5.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"product": {
"name": "jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"product_id": "jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-4.3.0.GA_CP08-bin@4.3.0-7.GA_CP08.5.ep1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"product": {
"name": "jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"product_id": "jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-client@4.3.0-7.GA_CP08.5.ep1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"product": {
"name": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"product_id": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas@4.3.0-7.GA_CP08.5.ep1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"product": {
"name": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"product_id": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-seam@1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"product": {
"name": "jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"product_id": "jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-seam-docs@1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el5.noarch",
"product": {
"name": "jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el5.noarch",
"product_id": "jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-seam2-docs@2.0.2.FP-1.ep1.23.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.noarch",
"product": {
"name": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.noarch",
"product_id": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-seam2@2.0.2.FP-1.ep1.23.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"product": {
"name": "jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"product_id": "jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jacorb@2.3.0-1jpp.ep1.10.1.el5?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch"
},
"product_reference": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src"
},
"product_reference": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch"
},
"product_reference": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src"
},
"product_reference": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch"
},
"product_reference": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch"
},
"product_reference": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch"
},
"product_reference": "jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src"
},
"product_reference": "jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch"
},
"product_reference": "jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src"
},
"product_reference": "jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch"
},
"product_reference": "jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src"
},
"product_reference": "jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.noarch"
},
"product_reference": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.src"
},
"product_reference": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch"
},
"product_reference": "jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src"
},
"product_reference": "jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch"
},
"product_reference": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.src"
},
"product_reference": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.src",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch"
},
"product_reference": "jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.noarch"
},
"product_reference": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.src"
},
"product_reference": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el5.noarch"
},
"product_reference": "jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch"
},
"product_reference": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.src"
},
"product_reference": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch"
},
"product_reference": "jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch"
},
"product_reference": "jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch"
},
"product_reference": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src"
},
"product_reference": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch"
},
"product_reference": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src"
},
"product_reference": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.noarch"
},
"product_reference": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.src"
},
"product_reference": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch"
},
"product_reference": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.src"
},
"product_reference": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch"
},
"product_reference": "rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Stefano Di Paola",
"Giorgio Fedon"
],
"organization": "Minded Security"
}
],
"cve": "CVE-2010-0738",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"discovery_date": "2010-03-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "574105"
}
],
"notes": [
{
"category": "description",
"text": "The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application\u0027s GET handler by using a different method.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JBoss EAP jmx authentication bypass with crafted HTTP request",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"5Server-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"5Server-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.src",
"5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.src",
"5Server-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"5Server-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.src",
"5Server-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.src",
"5Server-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch",
"5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.src",
"5Server-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-0738"
},
{
"category": "external",
"summary": "RHBZ#574105",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=574105"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-0738",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0738"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0738",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0738"
},
{
"category": "external",
"summary": "https://access.redhat.com/kb/docs/DOC-30741",
"url": "https://access.redhat.com/kb/docs/DOC-30741"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2010-04-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-04-27T04:15:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"5Server-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"5Server-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.src",
"5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.src",
"5Server-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"5Server-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.src",
"5Server-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.src",
"5Server-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch",
"5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.src",
"5Server-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0379"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"5Server-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"5Server-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.src",
"5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.src",
"5Server-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"5Server-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.src",
"5Server-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.src",
"5Server-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch",
"5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.src",
"5Server-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-05-25T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Critical"
}
],
"title": "JBoss EAP jmx authentication bypass with crafted HTTP request"
},
{
"cve": "CVE-2010-1428",
"discovery_date": "2010-03-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "585899"
}
],
"notes": [
{
"category": "description",
"text": "The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to obtain sensitive information via an unspecified request that uses a different method.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JBoss Application Server Web Console Authentication bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"5Server-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"5Server-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.src",
"5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.src",
"5Server-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"5Server-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.src",
"5Server-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.src",
"5Server-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch",
"5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.src",
"5Server-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-1428"
},
{
"category": "external",
"summary": "RHBZ#585899",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=585899"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-1428",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1428"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-1428",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1428"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2010-04-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-04-27T04:15:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"5Server-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"5Server-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.src",
"5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.src",
"5Server-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"5Server-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.src",
"5Server-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.src",
"5Server-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch",
"5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.src",
"5Server-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0379"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"5Server-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"5Server-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.src",
"5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.src",
"5Server-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"5Server-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.src",
"5Server-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.src",
"5Server-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch",
"5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.src",
"5Server-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-05-25T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Low"
}
],
"title": "JBoss Application Server Web Console Authentication bypass"
},
{
"cve": "CVE-2010-1429",
"discovery_date": "2010-02-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "585900"
}
],
"notes": [
{
"category": "description",
"text": "Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about \"deployed web contexts\" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JBossEAP status servlet info leak",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"5Server-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"5Server-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.src",
"5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.src",
"5Server-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"5Server-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.src",
"5Server-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.src",
"5Server-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch",
"5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.src",
"5Server-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-1429"
},
{
"category": "external",
"summary": "RHBZ#585900",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=585900"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-1429",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1429"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-1429",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1429"
}
],
"release_date": "2010-04-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-04-27T04:15:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"5Server-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"5Server-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.src",
"5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.src",
"5Server-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"5Server-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.src",
"5Server-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.src",
"5Server-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch",
"5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.src",
"5Server-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0379"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"5Server-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"5Server-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.src",
"5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.src",
"5Server-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"5Server-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.src",
"5Server-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.src",
"5Server-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch",
"5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.src",
"5Server-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "JBossEAP status servlet info leak"
}
]
}
rhsa-2010_0378
Vulnerability from csaf_redhat
Published
2010-04-27 03:55
Modified
2024-11-22 03:20
Summary
Red Hat Security Advisory: JBoss Enterprise Application Platform 4.2.0.CP09 update
Notes
Topic
Updated JBoss Enterprise Application Platform (JBEAP) 4.2 packages that fix
three security issues and multiple bugs are now available for Red Hat
Enterprise Linux 5 as JBEAP 4.2.0.CP09.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
JBoss Enterprise Application Platform is the market leading platform for
innovative and scalable Java applications; integrating the JBoss
Application Server, with JBoss Hibernate and JBoss Seam into a complete,
simple enterprise solution.
This release of JBEAP for Red Hat Enterprise Linux 5 serves as a
replacement to JBEAP 4.2.0.CP08.
These updated packages include multiple bug fixes which are detailed in the
Release Notes. The Release Notes will be available shortly from the link
in the References section.
The following security issues are also fixed with this release:
The JMX Console configuration only specified an authentication requirement
for requests that used the GET and POST HTTP "verbs". A remote attacker
could create an HTTP request that does not specify GET or POST, causing it
to be executed by the default GET handler without authentication. This
release contains a JMX Console with an updated configuration that no longer
specifies the HTTP verbs. This means that the authentication requirement is
applied to all requests. (CVE-2010-0738)
For the CVE-2010-0738 issue, if an immediate upgrade is not possible or the
server deployment has been customized, a manual fix can be applied. Refer
to the "Security" subsection of the "Issues fixed in this release" section
(JBPAPP-3952) of the JBEAP Release Notes, linked to in the References, for
details. Contact Red Hat JBoss Support for advice before making the changes
noted in the Release Notes.
Red Hat would like to thank Stefano Di Paola and Giorgio Fedon of Minded
Security for responsibly reporting the CVE-2010-0738 issue.
Unauthenticated access to the JBoss Application Server Web Console
(/web-console) is blocked by default. However, it was found that this block
was incomplete, and only blocked GET and POST HTTP verbs. A remote attacker
could use this flaw to gain access to sensitive information. This release
contains a Web Console with an updated configuration that now blocks all
unauthenticated access to it by default. (CVE-2010-1428)
The RHSA-2008:0827 update fixed an issue (CVE-2008-3273) where
unauthenticated users were able to access the status servlet; however, a
bug fix included in the RHSA-2009:0348 update re-introduced the issue. A
remote attacker could use this flaw to acquire details about deployed web
contexts. (CVE-2010-1429)
Warning: Before applying this update, please backup the JBEAP
"server/[configuration]/deploy/" directory, and any other customized
configuration files.
All users of JBEAP 4.2 on Red Hat Enterprise Linux 5 are advised to upgrade
to these updated packages.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated JBoss Enterprise Application Platform (JBEAP) 4.2 packages that fix\nthree security issues and multiple bugs are now available for Red Hat\nEnterprise Linux 5 as JBEAP 4.2.0.CP09.\n\nThe Red Hat Security Response Team has rated this update as having critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "JBoss Enterprise Application Platform is the market leading platform for\ninnovative and scalable Java applications; integrating the JBoss\nApplication Server, with JBoss Hibernate and JBoss Seam into a complete,\nsimple enterprise solution.\n\nThis release of JBEAP for Red Hat Enterprise Linux 5 serves as a\nreplacement to JBEAP 4.2.0.CP08.\n\nThese updated packages include multiple bug fixes which are detailed in the\nRelease Notes. The Release Notes will be available shortly from the link\nin the References section.\n\nThe following security issues are also fixed with this release:\n\nThe JMX Console configuration only specified an authentication requirement\nfor requests that used the GET and POST HTTP \"verbs\". A remote attacker\ncould create an HTTP request that does not specify GET or POST, causing it\nto be executed by the default GET handler without authentication. This\nrelease contains a JMX Console with an updated configuration that no longer\nspecifies the HTTP verbs. This means that the authentication requirement is\napplied to all requests. (CVE-2010-0738)\n\nFor the CVE-2010-0738 issue, if an immediate upgrade is not possible or the\nserver deployment has been customized, a manual fix can be applied. Refer\nto the \"Security\" subsection of the \"Issues fixed in this release\" section\n(JBPAPP-3952) of the JBEAP Release Notes, linked to in the References, for\ndetails. Contact Red Hat JBoss Support for advice before making the changes\nnoted in the Release Notes.\n\nRed Hat would like to thank Stefano Di Paola and Giorgio Fedon of Minded\nSecurity for responsibly reporting the CVE-2010-0738 issue.\n\nUnauthenticated access to the JBoss Application Server Web Console\n(/web-console) is blocked by default. However, it was found that this block\nwas incomplete, and only blocked GET and POST HTTP verbs. A remote attacker\ncould use this flaw to gain access to sensitive information. This release\ncontains a Web Console with an updated configuration that now blocks all\nunauthenticated access to it by default. (CVE-2010-1428)\n\nThe RHSA-2008:0827 update fixed an issue (CVE-2008-3273) where\nunauthenticated users were able to access the status servlet; however, a\nbug fix included in the RHSA-2009:0348 update re-introduced the issue. A\nremote attacker could use this flaw to acquire details about deployed web\ncontexts. (CVE-2010-1429)\n\nWarning: Before applying this update, please backup the JBEAP\n\"server/[configuration]/deploy/\" directory, and any other customized\nconfiguration files.\n\nAll users of JBEAP 4.2 on Red Hat Enterprise Linux 5 are advised to upgrade\nto these updated packages.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2010:0378",
"url": "https://access.redhat.com/errata/RHSA-2010:0378"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.2.0.cp09/html-single/Release_Notes/index.html",
"url": "http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.2.0.cp09/html-single/Release_Notes/index.html"
},
{
"category": "external",
"summary": "571835",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=571835"
},
{
"category": "external",
"summary": "574105",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=574105"
},
{
"category": "external",
"summary": "585899",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=585899"
},
{
"category": "external",
"summary": "585900",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=585900"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0378.json"
}
],
"title": "Red Hat Security Advisory: JBoss Enterprise Application Platform 4.2.0.CP09 update",
"tracking": {
"current_release_date": "2024-11-22T03:20:08+00:00",
"generator": {
"date": "2024-11-22T03:20:08+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2010:0378",
"initial_release_date": "2010-04-27T03:55:00+00:00",
"revision_history": [
{
"date": "2010-04-27T03:55:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2010-04-26T23:55:18+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T03:20:08+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"product": {
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"product_id": "jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-aop@1.5.5-3.CP05.2.ep1.1.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"product": {
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"product_id": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3@3.2.4-1.SP1_CP10.0jpp.ep1.1.el5?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"product": {
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"product_id": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3-annotations@3.3.1-1.12.GA_CP03.ep1.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"product": {
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"product_id": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossweb@2.0.0-6.CP13.0jpp.ep1.1.1.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"product": {
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"product_id": "jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-remoting@2.2.3-3.SP2.ep1.1.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"product": {
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"product_id": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossts@4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"product": {
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"product_id": "jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-cache@1.4.1-6.SP14.1.ep1.1.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.src",
"product": {
"name": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.src",
"product_id": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas@4.2.0-6.GA_CP09.6.ep1.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-seam-0:1.2.1-1.ep1.24.el5.src",
"product": {
"name": "jboss-seam-0:1.2.1-1.ep1.24.el5.src",
"product_id": "jboss-seam-0:1.2.1-1.ep1.24.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-seam@1.2.1-1.ep1.24.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.src",
"product": {
"name": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.src",
"product_id": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-eap-docs@4.2.0-7.GA_CP09.ep1.4.1.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"product": {
"name": "jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"product_id": "jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jacorb@2.3.0-1jpp.ep1.10.1.el5?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"product": {
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"product_id": "jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-aop@1.5.5-3.CP05.2.ep1.1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"product": {
"name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"product_id": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3-javadoc@3.2.4-1.SP1_CP10.0jpp.ep1.1.el5?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"product": {
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"product_id": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3@3.2.4-1.SP1_CP10.0jpp.ep1.1.el5?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"product": {
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"product_id": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3-annotations@3.3.1-1.12.GA_CP03.ep1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"product": {
"name": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"product_id": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3-annotations-javadoc@3.3.1-1.12.GA_CP03.ep1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"product": {
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"product_id": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossweb@2.0.0-6.CP13.0jpp.ep1.1.1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"product": {
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"product_id": "jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-remoting@2.2.3-3.SP2.ep1.1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"product": {
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"product_id": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossts@4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"product": {
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"product_id": "jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-cache@1.4.1-6.SP14.1.ep1.1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"product": {
"name": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"product_id": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas@4.2.0-6.GA_CP09.6.ep1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"product": {
"name": "jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"product_id": "jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-4.2.0.GA_CP09-bin@4.2.0-6.GA_CP09.6.ep1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"product": {
"name": "jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"product_id": "jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-client@4.2.0-6.GA_CP09.6.ep1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-seam-docs-0:1.2.1-1.ep1.24.el5.noarch",
"product": {
"name": "jboss-seam-docs-0:1.2.1-1.ep1.24.el5.noarch",
"product_id": "jboss-seam-docs-0:1.2.1-1.ep1.24.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-seam-docs@1.2.1-1.ep1.24.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-seam-0:1.2.1-1.ep1.24.el5.noarch",
"product": {
"name": "jboss-seam-0:1.2.1-1.ep1.24.el5.noarch",
"product_id": "jboss-seam-0:1.2.1-1.ep1.24.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-seam@1.2.1-1.ep1.24.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch",
"product": {
"name": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch",
"product_id": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-eap-docs@4.2.0-7.GA_CP09.ep1.4.1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch",
"product": {
"name": "rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch",
"product_id": "rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-eap-docs-examples@4.2.0-7.GA_CP09.ep1.4.1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"product": {
"name": "jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"product_id": "jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jacorb@2.3.0-1jpp.ep1.10.1.el5?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch"
},
"product_reference": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src"
},
"product_reference": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch"
},
"product_reference": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src"
},
"product_reference": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch"
},
"product_reference": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch"
},
"product_reference": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch"
},
"product_reference": "jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src"
},
"product_reference": "jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch"
},
"product_reference": "jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src"
},
"product_reference": "jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch"
},
"product_reference": "jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src"
},
"product_reference": "jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch"
},
"product_reference": "jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src"
},
"product_reference": "jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam-0:1.2.1-1.ep1.24.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.24.el5.noarch"
},
"product_reference": "jboss-seam-0:1.2.1-1.ep1.24.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam-0:1.2.1-1.ep1.24.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.24.el5.src"
},
"product_reference": "jboss-seam-0:1.2.1-1.ep1.24.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam-docs-0:1.2.1-1.ep1.24.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:jboss-seam-docs-0:1.2.1-1.ep1.24.el5.noarch"
},
"product_reference": "jboss-seam-docs-0:1.2.1-1.ep1.24.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch"
},
"product_reference": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.src"
},
"product_reference": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch"
},
"product_reference": "jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch"
},
"product_reference": "jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch"
},
"product_reference": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src"
},
"product_reference": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch"
},
"product_reference": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src"
},
"product_reference": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch"
},
"product_reference": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.src"
},
"product_reference": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch"
},
"product_reference": "rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Stefano Di Paola",
"Giorgio Fedon"
],
"organization": "Minded Security"
}
],
"cve": "CVE-2010-0738",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"discovery_date": "2010-03-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "574105"
}
],
"notes": [
{
"category": "description",
"text": "The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application\u0027s GET handler by using a different method.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JBoss EAP jmx authentication bypass with crafted HTTP request",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"5Server-JBEAP-4.2.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.24.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.24.el5.src",
"5Server-JBEAP-4.2.0:jboss-seam-docs-0:1.2.1-1.ep1.24.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.src",
"5Server-JBEAP-4.2.0:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch",
"5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.src",
"5Server-JBEAP-4.2.0:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-0738"
},
{
"category": "external",
"summary": "RHBZ#574105",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=574105"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-0738",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0738"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0738",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0738"
},
{
"category": "external",
"summary": "https://access.redhat.com/kb/docs/DOC-30741",
"url": "https://access.redhat.com/kb/docs/DOC-30741"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2010-04-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-04-27T03:55:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"5Server-JBEAP-4.2.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.24.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.24.el5.src",
"5Server-JBEAP-4.2.0:jboss-seam-docs-0:1.2.1-1.ep1.24.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.src",
"5Server-JBEAP-4.2.0:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch",
"5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.src",
"5Server-JBEAP-4.2.0:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0378"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"5Server-JBEAP-4.2.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.24.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.24.el5.src",
"5Server-JBEAP-4.2.0:jboss-seam-docs-0:1.2.1-1.ep1.24.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.src",
"5Server-JBEAP-4.2.0:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch",
"5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.src",
"5Server-JBEAP-4.2.0:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-05-25T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Critical"
}
],
"title": "JBoss EAP jmx authentication bypass with crafted HTTP request"
},
{
"cve": "CVE-2010-1428",
"discovery_date": "2010-03-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "585899"
}
],
"notes": [
{
"category": "description",
"text": "The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to obtain sensitive information via an unspecified request that uses a different method.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JBoss Application Server Web Console Authentication bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"5Server-JBEAP-4.2.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.24.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.24.el5.src",
"5Server-JBEAP-4.2.0:jboss-seam-docs-0:1.2.1-1.ep1.24.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.src",
"5Server-JBEAP-4.2.0:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch",
"5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.src",
"5Server-JBEAP-4.2.0:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-1428"
},
{
"category": "external",
"summary": "RHBZ#585899",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=585899"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-1428",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1428"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-1428",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1428"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2010-04-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-04-27T03:55:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"5Server-JBEAP-4.2.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.24.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.24.el5.src",
"5Server-JBEAP-4.2.0:jboss-seam-docs-0:1.2.1-1.ep1.24.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.src",
"5Server-JBEAP-4.2.0:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch",
"5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.src",
"5Server-JBEAP-4.2.0:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0378"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"5Server-JBEAP-4.2.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.24.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.24.el5.src",
"5Server-JBEAP-4.2.0:jboss-seam-docs-0:1.2.1-1.ep1.24.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.src",
"5Server-JBEAP-4.2.0:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch",
"5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.src",
"5Server-JBEAP-4.2.0:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-05-25T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Low"
}
],
"title": "JBoss Application Server Web Console Authentication bypass"
},
{
"cve": "CVE-2010-1429",
"discovery_date": "2010-02-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "585900"
}
],
"notes": [
{
"category": "description",
"text": "Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about \"deployed web contexts\" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JBossEAP status servlet info leak",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"5Server-JBEAP-4.2.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.24.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.24.el5.src",
"5Server-JBEAP-4.2.0:jboss-seam-docs-0:1.2.1-1.ep1.24.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.src",
"5Server-JBEAP-4.2.0:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch",
"5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.src",
"5Server-JBEAP-4.2.0:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-1429"
},
{
"category": "external",
"summary": "RHBZ#585900",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=585900"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-1429",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1429"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-1429",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1429"
}
],
"release_date": "2010-04-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-04-27T03:55:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"5Server-JBEAP-4.2.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.24.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.24.el5.src",
"5Server-JBEAP-4.2.0:jboss-seam-docs-0:1.2.1-1.ep1.24.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.src",
"5Server-JBEAP-4.2.0:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch",
"5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.src",
"5Server-JBEAP-4.2.0:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0378"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"5Server-JBEAP-4.2.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.24.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.24.el5.src",
"5Server-JBEAP-4.2.0:jboss-seam-docs-0:1.2.1-1.ep1.24.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.src",
"5Server-JBEAP-4.2.0:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch",
"5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.src",
"5Server-JBEAP-4.2.0:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "JBossEAP status servlet info leak"
}
]
}
rhsa-2010_0377
Vulnerability from csaf_redhat
Published
2010-04-27 03:39
Modified
2024-11-22 03:20
Summary
Red Hat Security Advisory: JBoss Enterprise Application Platform 4.3.0.CP08 update
Notes
Topic
Updated JBoss Enterprise Application Platform (JBEAP) 4.3 packages that fix
three security issues and multiple bugs are now available for Red Hat
Enterprise Linux 4 as JBEAP 4.3.0.CP08.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
JBoss Enterprise Application Platform is the market leading platform for
innovative and scalable Java applications; integrating the JBoss
Application Server, with JBoss Hibernate and JBoss Seam into a complete,
simple enterprise solution.
This release of JBEAP for Red Hat Enterprise Linux 4 serves as a
replacement to JBEAP 4.3.0.CP07.
These updated packages include multiple bug fixes which are detailed in the
Release Notes. The Release Notes will be available shortly from the link
in the References section.
The following security issues are also fixed with this release:
The JMX Console configuration only specified an authentication requirement
for requests that used the GET and POST HTTP "verbs". A remote attacker
could create an HTTP request that does not specify GET or POST, causing it
to be executed by the default GET handler without authentication. This
release contains a JMX Console with an updated configuration that no longer
specifies the HTTP verbs. This means that the authentication requirement is
applied to all requests. (CVE-2010-0738)
For the CVE-2010-0738 issue, if an immediate upgrade is not possible or the
server deployment has been customized, a manual fix can be applied. Refer
to the "Security" subsection of the "Issues fixed in this release" section
(JBPAPP-3952) of the JBEAP Release Notes, linked to in the References, for
details. Contact Red Hat JBoss Support for advice before making the changes
noted in the Release Notes.
Red Hat would like to thank Stefano Di Paola and Giorgio Fedon of Minded
Security for responsibly reporting the CVE-2010-0738 issue.
Unauthenticated access to the JBoss Application Server Web Console
(/web-console) is blocked by default. However, it was found that this block
was incomplete, and only blocked GET and POST HTTP verbs. A remote attacker
could use this flaw to gain access to sensitive information. This release
contains a Web Console with an updated configuration that now blocks all
unauthenticated access to it by default. (CVE-2010-1428)
The RHSA-2008:0826 update fixed an issue (CVE-2008-3273) where
unauthenticated users were able to access the status servlet; however, a
bug fix included in the RHSA-2009:0347 update re-introduced the issue. A
remote attacker could use this flaw to acquire details about deployed web
contexts. (CVE-2010-1429)
Warning: Before applying this update, please backup the JBEAP
"server/[configuration]/deploy/" directory, and any other customized
configuration files.
All users of JBEAP 4.3 on Red Hat Enterprise Linux 4 are advised to upgrade
to these updated packages.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated JBoss Enterprise Application Platform (JBEAP) 4.3 packages that fix\nthree security issues and multiple bugs are now available for Red Hat\nEnterprise Linux 4 as JBEAP 4.3.0.CP08.\n\nThe Red Hat Security Response Team has rated this update as having critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "JBoss Enterprise Application Platform is the market leading platform for\ninnovative and scalable Java applications; integrating the JBoss\nApplication Server, with JBoss Hibernate and JBoss Seam into a complete,\nsimple enterprise solution.\n\nThis release of JBEAP for Red Hat Enterprise Linux 4 serves as a\nreplacement to JBEAP 4.3.0.CP07.\n\nThese updated packages include multiple bug fixes which are detailed in the\nRelease Notes. The Release Notes will be available shortly from the link\nin the References section.\n\nThe following security issues are also fixed with this release:\n\nThe JMX Console configuration only specified an authentication requirement\nfor requests that used the GET and POST HTTP \"verbs\". A remote attacker\ncould create an HTTP request that does not specify GET or POST, causing it\nto be executed by the default GET handler without authentication. This\nrelease contains a JMX Console with an updated configuration that no longer\nspecifies the HTTP verbs. This means that the authentication requirement is\napplied to all requests. (CVE-2010-0738)\n\nFor the CVE-2010-0738 issue, if an immediate upgrade is not possible or the\nserver deployment has been customized, a manual fix can be applied. Refer\nto the \"Security\" subsection of the \"Issues fixed in this release\" section\n(JBPAPP-3952) of the JBEAP Release Notes, linked to in the References, for\ndetails. Contact Red Hat JBoss Support for advice before making the changes\nnoted in the Release Notes.\n\nRed Hat would like to thank Stefano Di Paola and Giorgio Fedon of Minded\nSecurity for responsibly reporting the CVE-2010-0738 issue.\n\nUnauthenticated access to the JBoss Application Server Web Console\n(/web-console) is blocked by default. However, it was found that this block\nwas incomplete, and only blocked GET and POST HTTP verbs. A remote attacker\ncould use this flaw to gain access to sensitive information. This release\ncontains a Web Console with an updated configuration that now blocks all\nunauthenticated access to it by default. (CVE-2010-1428)\n\nThe RHSA-2008:0826 update fixed an issue (CVE-2008-3273) where\nunauthenticated users were able to access the status servlet; however, a\nbug fix included in the RHSA-2009:0347 update re-introduced the issue. A\nremote attacker could use this flaw to acquire details about deployed web\ncontexts. (CVE-2010-1429)\n\nWarning: Before applying this update, please backup the JBEAP\n\"server/[configuration]/deploy/\" directory, and any other customized\nconfiguration files.\n\nAll users of JBEAP 4.3 on Red Hat Enterprise Linux 4 are advised to upgrade\nto these updated packages.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2010:0377",
"url": "https://access.redhat.com/errata/RHSA-2010:0377"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.3.0.cp08/html-single/Release_Notes/index.html",
"url": "http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.3.0.cp08/html-single/Release_Notes/index.html"
},
{
"category": "external",
"summary": "571828",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=571828"
},
{
"category": "external",
"summary": "574105",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=574105"
},
{
"category": "external",
"summary": "585899",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=585899"
},
{
"category": "external",
"summary": "585900",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=585900"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0377.json"
}
],
"title": "Red Hat Security Advisory: JBoss Enterprise Application Platform 4.3.0.CP08 update",
"tracking": {
"current_release_date": "2024-11-22T03:20:03+00:00",
"generator": {
"date": "2024-11-22T03:20:03+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2010:0377",
"initial_release_date": "2010-04-27T03:39:00+00:00",
"revision_history": [
{
"date": "2010-04-27T03:39:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2010-04-26T23:39:07+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T03:20:03+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4"
}
}
},
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"product": {
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"product_id": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossts@4.2.3-1.SP5_CP09.1jpp.ep1.1.el4?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"product": {
"name": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"product_id": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossws@2.0.1-5.SP2_CP08.1.ep1.el4?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"product": {
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"product_id": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-aop@1.5.5-3.CP05.2.ep1.el4?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"product": {
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"product_id": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossweb@2.0.0-6.CP13.0jpp.ep1.1.el4?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"product": {
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"product_id": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-remoting@2.2.3-3.SP2.ep1.el4?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"product": {
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"product_id": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-cache@1.4.1-6.SP14.1.ep1.el4?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"product": {
"name": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"product_id": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-messaging@1.4.0-3.SP3_CP10.2.ep1.el4?arch=src"
}
}
},
{
"category": "product_version",
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"product": {
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"product_id": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3@3.2.4-1.SP1_CP10.0jpp.ep1.1.el4?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"product": {
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"product_id": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3-annotations@3.3.1-1.12.GA_CP03.ep1.el4?arch=src"
}
}
},
{
"category": "product_version",
"name": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"product": {
"name": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"product_id": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jakarta-commons-httpclient@3.0.1-1.patch01.1jpp.ep1.4.el4?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"product": {
"name": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"product_id": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hsqldb@1.8.0.8-3.patch03.1jpp.ep1.3.el4?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"product": {
"name": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"product_id": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-seam@1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"product": {
"name": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"product_id": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-seam2@2.0.2.FP-1.ep1.23.el4?arch=src"
}
}
},
{
"category": "product_version",
"name": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"product": {
"name": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"product_id": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-eap-docs@4.3.0-7.GA_CP08.ep1.6.el4?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"product": {
"name": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"product_id": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas@4.3.0-7.GA_CP08.5.ep1.el4?arch=src"
}
}
},
{
"category": "product_version",
"name": "jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"product": {
"name": "jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"product_id": "jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jacorb@2.3.0-1jpp.ep1.10.el4?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"product": {
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"product_id": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossts@4.2.3-1.SP5_CP09.1jpp.ep1.1.el4?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"product": {
"name": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"product_id": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossws@2.0.1-5.SP2_CP08.1.ep1.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"product": {
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"product_id": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-aop@1.5.5-3.CP05.2.ep1.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"product": {
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"product_id": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossweb@2.0.0-6.CP13.0jpp.ep1.1.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"product": {
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"product_id": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-remoting@2.2.3-3.SP2.ep1.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"product": {
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"product_id": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-cache@1.4.1-6.SP14.1.ep1.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"product": {
"name": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"product_id": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-messaging@1.4.0-3.SP3_CP10.2.ep1.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"product": {
"name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"product_id": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3-javadoc@3.2.4-1.SP1_CP10.0jpp.ep1.1.el4?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"product": {
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"product_id": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3@3.2.4-1.SP1_CP10.0jpp.ep1.1.el4?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"product": {
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"product_id": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3-annotations@3.3.1-1.12.GA_CP03.ep1.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"product": {
"name": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"product_id": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3-annotations-javadoc@3.3.1-1.12.GA_CP03.ep1.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"product": {
"name": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"product_id": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jakarta-commons-httpclient@3.0.1-1.patch01.1jpp.ep1.4.el4?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"product": {
"name": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"product_id": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hsqldb@1.8.0.8-3.patch03.1jpp.ep1.3.el4?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"product": {
"name": "jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"product_id": "jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-seam-docs@1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"product": {
"name": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"product_id": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-seam@1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"product": {
"name": "jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"product_id": "jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-seam2-docs@2.0.2.FP-1.ep1.23.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"product": {
"name": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"product_id": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-seam2@2.0.2.FP-1.ep1.23.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"product": {
"name": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"product_id": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-eap-docs@4.3.0-7.GA_CP08.ep1.6.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"product": {
"name": "rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"product_id": "rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-eap-docs-examples@4.3.0-7.GA_CP08.ep1.6.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"product": {
"name": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"product_id": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas@4.3.0-7.GA_CP08.5.ep1.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"product": {
"name": "jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"product_id": "jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-4.3.0.GA_CP08-bin@4.3.0-7.GA_CP08.5.ep1.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"product": {
"name": "jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"product_id": "jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-client@4.3.0-7.GA_CP08.5.ep1.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"product": {
"name": "jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"product_id": "jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jacorb@2.3.0-1jpp.ep1.10.el4?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch"
},
"product_reference": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src"
},
"product_reference": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch"
},
"product_reference": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src"
},
"product_reference": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch"
},
"product_reference": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch"
},
"product_reference": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch"
},
"product_reference": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src"
},
"product_reference": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch"
},
"product_reference": "jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jacorb-0:2.3.0-1jpp.ep1.10.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.src"
},
"product_reference": "jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch"
},
"product_reference": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src"
},
"product_reference": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch"
},
"product_reference": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src"
},
"product_reference": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch"
},
"product_reference": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src"
},
"product_reference": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch"
},
"product_reference": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src"
},
"product_reference": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch"
},
"product_reference": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src"
},
"product_reference": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch"
},
"product_reference": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src"
},
"product_reference": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch"
},
"product_reference": "jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch"
},
"product_reference": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src"
},
"product_reference": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch"
},
"product_reference": "jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch"
},
"product_reference": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src"
},
"product_reference": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch"
},
"product_reference": "jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch"
},
"product_reference": "jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch"
},
"product_reference": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src"
},
"product_reference": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch"
},
"product_reference": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src"
},
"product_reference": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch"
},
"product_reference": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src"
},
"product_reference": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch"
},
"product_reference": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src"
},
"product_reference": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch"
},
"product_reference": "rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch"
},
"product_reference": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src"
},
"product_reference": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch"
},
"product_reference": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src"
},
"product_reference": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch"
},
"product_reference": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch"
},
"product_reference": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch"
},
"product_reference": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src"
},
"product_reference": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch"
},
"product_reference": "jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jacorb-0:2.3.0-1jpp.ep1.10.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.src"
},
"product_reference": "jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch"
},
"product_reference": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src"
},
"product_reference": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch"
},
"product_reference": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src"
},
"product_reference": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch"
},
"product_reference": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src"
},
"product_reference": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch"
},
"product_reference": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src"
},
"product_reference": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch"
},
"product_reference": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src"
},
"product_reference": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch"
},
"product_reference": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src"
},
"product_reference": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch"
},
"product_reference": "jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch"
},
"product_reference": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src"
},
"product_reference": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch"
},
"product_reference": "jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch"
},
"product_reference": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src"
},
"product_reference": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch"
},
"product_reference": "jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch"
},
"product_reference": "jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch"
},
"product_reference": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src"
},
"product_reference": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch"
},
"product_reference": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src"
},
"product_reference": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch"
},
"product_reference": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src"
},
"product_reference": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch"
},
"product_reference": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src"
},
"product_reference": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch"
},
"product_reference": "rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Stefano Di Paola",
"Giorgio Fedon"
],
"organization": "Minded Security"
}
],
"cve": "CVE-2010-0738",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"discovery_date": "2010-03-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "574105"
}
],
"notes": [
{
"category": "description",
"text": "The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application\u0027s GET handler by using a different method.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JBoss EAP jmx authentication bypass with crafted HTTP request",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4AS-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4AS-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4AS-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4AS-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4AS-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4AS-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"4AS-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"4AS-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4ES-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4ES-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4ES-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4ES-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4ES-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4ES-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"4ES-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"4ES-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-0738"
},
{
"category": "external",
"summary": "RHBZ#574105",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=574105"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-0738",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0738"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0738",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0738"
},
{
"category": "external",
"summary": "https://access.redhat.com/kb/docs/DOC-30741",
"url": "https://access.redhat.com/kb/docs/DOC-30741"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2010-04-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-04-27T03:39:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4AS-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4AS-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4AS-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4AS-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4AS-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4AS-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"4AS-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"4AS-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4ES-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4ES-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4ES-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4ES-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4ES-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4ES-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"4ES-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"4ES-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0377"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4AS-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4AS-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4AS-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4AS-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4AS-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4AS-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"4AS-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"4AS-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4ES-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4ES-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4ES-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4ES-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4ES-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4ES-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"4ES-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"4ES-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-05-25T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Critical"
}
],
"title": "JBoss EAP jmx authentication bypass with crafted HTTP request"
},
{
"cve": "CVE-2010-1428",
"discovery_date": "2010-03-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "585899"
}
],
"notes": [
{
"category": "description",
"text": "The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to obtain sensitive information via an unspecified request that uses a different method.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JBoss Application Server Web Console Authentication bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4AS-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4AS-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4AS-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4AS-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4AS-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4AS-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"4AS-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"4AS-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4ES-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4ES-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4ES-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4ES-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4ES-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4ES-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"4ES-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"4ES-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-1428"
},
{
"category": "external",
"summary": "RHBZ#585899",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=585899"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-1428",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1428"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-1428",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1428"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2010-04-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-04-27T03:39:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4AS-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4AS-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4AS-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4AS-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4AS-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4AS-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"4AS-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"4AS-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4ES-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4ES-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4ES-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4ES-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4ES-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4ES-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"4ES-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"4ES-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0377"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4AS-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4AS-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4AS-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4AS-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4AS-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4AS-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"4AS-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"4AS-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4ES-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4ES-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4ES-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4ES-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4ES-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4ES-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"4ES-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"4ES-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-05-25T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Low"
}
],
"title": "JBoss Application Server Web Console Authentication bypass"
},
{
"cve": "CVE-2010-1429",
"discovery_date": "2010-02-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "585900"
}
],
"notes": [
{
"category": "description",
"text": "Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about \"deployed web contexts\" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JBossEAP status servlet info leak",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4AS-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4AS-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4AS-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4AS-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4AS-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4AS-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"4AS-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"4AS-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4ES-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4ES-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4ES-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4ES-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4ES-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4ES-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"4ES-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"4ES-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-1429"
},
{
"category": "external",
"summary": "RHBZ#585900",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=585900"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-1429",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1429"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-1429",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1429"
}
],
"release_date": "2010-04-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-04-27T03:39:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4AS-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4AS-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4AS-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4AS-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4AS-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4AS-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"4AS-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"4AS-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4ES-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4ES-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4ES-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4ES-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4ES-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4ES-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"4ES-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"4ES-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0377"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4AS-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4AS-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4AS-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4AS-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4AS-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4AS-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"4AS-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"4AS-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4ES-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4ES-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4ES-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4ES-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4ES-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4ES-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"4ES-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"4ES-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "JBossEAP status servlet info leak"
}
]
}
rhsa-2010_0376
Vulnerability from csaf_redhat
Published
2010-04-27 03:19
Modified
2024-11-22 03:19
Summary
Red Hat Security Advisory: JBoss Enterprise Application Platform 4.2.0.CP09 update
Notes
Topic
Updated JBoss Enterprise Application Platform (JBEAP) 4.2 packages that fix
three security issues and multiple bugs are now available for Red Hat
Enterprise Linux 4 as JBEAP 4.2.0.CP09.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
JBoss Enterprise Application Platform is the market leading platform for
innovative and scalable Java applications; integrating the JBoss
Application Server, with JBoss Hibernate and JBoss Seam into a complete,
simple enterprise solution.
This release of JBEAP for Red Hat Enterprise Linux 4 serves as a
replacement to JBEAP 4.2.0.CP08.
These updated packages include multiple bug fixes which are detailed in the
Release Notes. The Release Notes will be available shortly from the link
in the References section.
The following security issues are also fixed with this release:
The JMX Console configuration only specified an authentication requirement
for requests that used the GET and POST HTTP "verbs". A remote attacker
could create an HTTP request that does not specify GET or POST, causing it
to be executed by the default GET handler without authentication. This
release contains a JMX Console with an updated configuration that no longer
specifies the HTTP verbs. This means that the authentication requirement is
applied to all requests. (CVE-2010-0738)
For the CVE-2010-0738 issue, if an immediate upgrade is not possible or the
server deployment has been customized, a manual fix can be applied. Refer
to the "Security" subsection of the "Issues fixed in this release" section
(JBPAPP-3952) of the JBEAP Release Notes, linked to in the References, for
details. Contact Red Hat JBoss Support for advice before making the changes
noted in the Release Notes.
Red Hat would like to thank Stefano Di Paola and Giorgio Fedon of Minded
Security for responsibly reporting the CVE-2010-0738 issue.
Unauthenticated access to the JBoss Application Server Web Console
(/web-console) is blocked by default. However, it was found that this block
was incomplete, and only blocked GET and POST HTTP verbs. A remote attacker
could use this flaw to gain access to sensitive information. This release
contains a Web Console with an updated configuration that now blocks all
unauthenticated access to it by default. (CVE-2010-1428)
The RHSA-2008:0825 update fixed an issue (CVE-2008-3273) where
unauthenticated users were able to access the status servlet; however, a
bug fix included in the RHSA-2009:0346 update re-introduced the issue. A
remote attacker could use this flaw to acquire details about deployed web
contexts. (CVE-2010-1429)
Warning: Before applying this update, please backup the JBEAP
"server/[configuration]/deploy/" directory, and any other customized
configuration files.
All users of JBEAP 4.2 on Red Hat Enterprise Linux 4 are advised to upgrade
to these updated packages.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated JBoss Enterprise Application Platform (JBEAP) 4.2 packages that fix\nthree security issues and multiple bugs are now available for Red Hat\nEnterprise Linux 4 as JBEAP 4.2.0.CP09.\n\nThe Red Hat Security Response Team has rated this update as having critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "JBoss Enterprise Application Platform is the market leading platform for\ninnovative and scalable Java applications; integrating the JBoss\nApplication Server, with JBoss Hibernate and JBoss Seam into a complete,\nsimple enterprise solution.\n\nThis release of JBEAP for Red Hat Enterprise Linux 4 serves as a\nreplacement to JBEAP 4.2.0.CP08.\n\nThese updated packages include multiple bug fixes which are detailed in the\nRelease Notes. The Release Notes will be available shortly from the link\nin the References section.\n\nThe following security issues are also fixed with this release:\n\nThe JMX Console configuration only specified an authentication requirement\nfor requests that used the GET and POST HTTP \"verbs\". A remote attacker\ncould create an HTTP request that does not specify GET or POST, causing it\nto be executed by the default GET handler without authentication. This\nrelease contains a JMX Console with an updated configuration that no longer\nspecifies the HTTP verbs. This means that the authentication requirement is\napplied to all requests. (CVE-2010-0738)\n\nFor the CVE-2010-0738 issue, if an immediate upgrade is not possible or the\nserver deployment has been customized, a manual fix can be applied. Refer\nto the \"Security\" subsection of the \"Issues fixed in this release\" section\n(JBPAPP-3952) of the JBEAP Release Notes, linked to in the References, for\ndetails. Contact Red Hat JBoss Support for advice before making the changes\nnoted in the Release Notes.\n\nRed Hat would like to thank Stefano Di Paola and Giorgio Fedon of Minded\nSecurity for responsibly reporting the CVE-2010-0738 issue.\n\nUnauthenticated access to the JBoss Application Server Web Console\n(/web-console) is blocked by default. However, it was found that this block\nwas incomplete, and only blocked GET and POST HTTP verbs. A remote attacker\ncould use this flaw to gain access to sensitive information. This release\ncontains a Web Console with an updated configuration that now blocks all\nunauthenticated access to it by default. (CVE-2010-1428)\n\nThe RHSA-2008:0825 update fixed an issue (CVE-2008-3273) where\nunauthenticated users were able to access the status servlet; however, a\nbug fix included in the RHSA-2009:0346 update re-introduced the issue. A\nremote attacker could use this flaw to acquire details about deployed web\ncontexts. (CVE-2010-1429)\n\nWarning: Before applying this update, please backup the JBEAP\n\"server/[configuration]/deploy/\" directory, and any other customized\nconfiguration files.\n\nAll users of JBEAP 4.2 on Red Hat Enterprise Linux 4 are advised to upgrade\nto these updated packages.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2010:0376",
"url": "https://access.redhat.com/errata/RHSA-2010:0376"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.2.0.cp09/html-single/Release_Notes/index.html",
"url": "http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.2.0.cp09/html-single/Release_Notes/index.html"
},
{
"category": "external",
"summary": "571813",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=571813"
},
{
"category": "external",
"summary": "574105",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=574105"
},
{
"category": "external",
"summary": "585899",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=585899"
},
{
"category": "external",
"summary": "585900",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=585900"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0376.json"
}
],
"title": "Red Hat Security Advisory: JBoss Enterprise Application Platform 4.2.0.CP09 update",
"tracking": {
"current_release_date": "2024-11-22T03:19:57+00:00",
"generator": {
"date": "2024-11-22T03:19:57+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2010:0376",
"initial_release_date": "2010-04-27T03:19:00+00:00",
"revision_history": [
{
"date": "2010-04-27T03:19:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2010-04-26T23:19:52+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T03:19:57+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4"
}
}
},
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"product": {
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"product_id": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossts@4.2.3-1.SP5_CP09.1jpp.ep1.1.el4?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"product": {
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"product_id": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-aop@1.5.5-3.CP05.2.ep1.el4?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"product": {
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"product_id": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossweb@2.0.0-6.CP13.0jpp.ep1.1.el4?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"product": {
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"product_id": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-remoting@2.2.3-3.SP2.ep1.el4?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"product": {
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"product_id": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-cache@1.4.1-6.SP14.1.ep1.el4?arch=src"
}
}
},
{
"category": "product_version",
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"product": {
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"product_id": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3@3.2.4-1.SP1_CP10.0jpp.ep1.1.el4?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"product": {
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"product_id": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3-annotations@3.3.1-1.12.GA_CP03.ep1.el4?arch=src"
}
}
},
{
"category": "product_version",
"name": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"product": {
"name": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"product_id": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jakarta-commons-httpclient@3.0.1-1.patch01.1jpp.ep1.4.el4?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"product": {
"name": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"product_id": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hsqldb@1.8.0.8-3.patch03.1jpp.ep1.3.el4?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"product": {
"name": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"product_id": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas@4.2.0-6.GA_CP09.6.ep1.el4?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"product": {
"name": "jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"product_id": "jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-seam@1.2.1-1.ep1.24.el4?arch=src"
}
}
},
{
"category": "product_version",
"name": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"product": {
"name": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"product_id": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-eap-docs@4.2.0-7.GA_CP09.ep1.5.el4?arch=src"
}
}
},
{
"category": "product_version",
"name": "jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"product": {
"name": "jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"product_id": "jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jacorb@2.3.0-1jpp.ep1.10.el4?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"product": {
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"product_id": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossts@4.2.3-1.SP5_CP09.1jpp.ep1.1.el4?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"product": {
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"product_id": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-aop@1.5.5-3.CP05.2.ep1.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"product": {
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"product_id": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossweb@2.0.0-6.CP13.0jpp.ep1.1.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"product": {
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"product_id": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-remoting@2.2.3-3.SP2.ep1.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"product": {
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"product_id": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-cache@1.4.1-6.SP14.1.ep1.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"product": {
"name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"product_id": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3-javadoc@3.2.4-1.SP1_CP10.0jpp.ep1.1.el4?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"product": {
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"product_id": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3@3.2.4-1.SP1_CP10.0jpp.ep1.1.el4?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"product": {
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"product_id": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3-annotations@3.3.1-1.12.GA_CP03.ep1.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"product": {
"name": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"product_id": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3-annotations-javadoc@3.3.1-1.12.GA_CP03.ep1.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"product": {
"name": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"product_id": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jakarta-commons-httpclient@3.0.1-1.patch01.1jpp.ep1.4.el4?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"product": {
"name": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"product_id": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hsqldb@1.8.0.8-3.patch03.1jpp.ep1.3.el4?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"product": {
"name": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"product_id": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas@4.2.0-6.GA_CP09.6.ep1.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"product": {
"name": "jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"product_id": "jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-4.2.0.GA_CP09-bin@4.2.0-6.GA_CP09.6.ep1.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"product": {
"name": "jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"product_id": "jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-client@4.2.0-6.GA_CP09.6.ep1.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"product": {
"name": "jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"product_id": "jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-seam-docs@1.2.1-1.ep1.24.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"product": {
"name": "jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"product_id": "jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-seam@1.2.1-1.ep1.24.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"product": {
"name": "rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"product_id": "rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-eap-docs-examples@4.2.0-7.GA_CP09.ep1.5.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"product": {
"name": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"product_id": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-eap-docs@4.2.0-7.GA_CP09.ep1.5.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"product": {
"name": "jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"product_id": "jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jacorb@2.3.0-1jpp.ep1.10.el4?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch"
},
"product_reference": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src"
},
"product_reference": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch"
},
"product_reference": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src"
},
"product_reference": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch"
},
"product_reference": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch"
},
"product_reference": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch"
},
"product_reference": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src"
},
"product_reference": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch"
},
"product_reference": "jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jacorb-0:2.3.0-1jpp.ep1.10.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.src"
},
"product_reference": "jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch"
},
"product_reference": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src"
},
"product_reference": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch"
},
"product_reference": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src"
},
"product_reference": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch"
},
"product_reference": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src"
},
"product_reference": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch"
},
"product_reference": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src"
},
"product_reference": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam-0:1.2.1-1.ep1.24.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.noarch"
},
"product_reference": "jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam-0:1.2.1-1.ep1.24.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.src"
},
"product_reference": "jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch"
},
"product_reference": "jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch"
},
"product_reference": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src"
},
"product_reference": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch"
},
"product_reference": "jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch"
},
"product_reference": "jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch"
},
"product_reference": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src"
},
"product_reference": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch"
},
"product_reference": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src"
},
"product_reference": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch"
},
"product_reference": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src"
},
"product_reference": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch"
},
"product_reference": "rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch"
},
"product_reference": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src"
},
"product_reference": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch"
},
"product_reference": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src"
},
"product_reference": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch"
},
"product_reference": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch"
},
"product_reference": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch"
},
"product_reference": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src"
},
"product_reference": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch"
},
"product_reference": "jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jacorb-0:2.3.0-1jpp.ep1.10.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.src"
},
"product_reference": "jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch"
},
"product_reference": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src"
},
"product_reference": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch"
},
"product_reference": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src"
},
"product_reference": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch"
},
"product_reference": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src"
},
"product_reference": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch"
},
"product_reference": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src"
},
"product_reference": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam-0:1.2.1-1.ep1.24.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.noarch"
},
"product_reference": "jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam-0:1.2.1-1.ep1.24.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.src"
},
"product_reference": "jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch"
},
"product_reference": "jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch"
},
"product_reference": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src"
},
"product_reference": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch"
},
"product_reference": "jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch"
},
"product_reference": "jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch"
},
"product_reference": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src"
},
"product_reference": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch"
},
"product_reference": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src"
},
"product_reference": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch"
},
"product_reference": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src"
},
"product_reference": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch"
},
"product_reference": "rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Stefano Di Paola",
"Giorgio Fedon"
],
"organization": "Minded Security"
}
],
"cve": "CVE-2010-0738",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"discovery_date": "2010-03-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "574105"
}
],
"notes": [
{
"category": "description",
"text": "The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application\u0027s GET handler by using a different method.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JBoss EAP jmx authentication bypass with crafted HTTP request",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4AS-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4AS-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4AS-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4AS-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4AS-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4AS-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4AS-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4AS-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4AS-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4AS-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"4AS-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"4AS-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"4AS-JBEAP:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4AS-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4AS-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4AS-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"4AS-JBEAP:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4ES-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4ES-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4ES-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4ES-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4ES-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4ES-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4ES-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4ES-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4ES-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4ES-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"4ES-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"4ES-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"4ES-JBEAP:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4ES-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4ES-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4ES-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"4ES-JBEAP:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-0738"
},
{
"category": "external",
"summary": "RHBZ#574105",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=574105"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-0738",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0738"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0738",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0738"
},
{
"category": "external",
"summary": "https://access.redhat.com/kb/docs/DOC-30741",
"url": "https://access.redhat.com/kb/docs/DOC-30741"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2010-04-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-04-27T03:19:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4AS-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4AS-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4AS-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4AS-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4AS-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4AS-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4AS-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4AS-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4AS-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4AS-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"4AS-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"4AS-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"4AS-JBEAP:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4AS-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4AS-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4AS-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"4AS-JBEAP:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4ES-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4ES-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4ES-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4ES-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4ES-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4ES-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4ES-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4ES-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4ES-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4ES-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"4ES-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"4ES-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"4ES-JBEAP:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4ES-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4ES-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4ES-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"4ES-JBEAP:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0376"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4AS-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4AS-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4AS-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4AS-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4AS-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4AS-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4AS-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4AS-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4AS-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4AS-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"4AS-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"4AS-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"4AS-JBEAP:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4AS-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4AS-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4AS-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"4AS-JBEAP:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4ES-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4ES-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4ES-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4ES-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4ES-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4ES-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4ES-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4ES-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4ES-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4ES-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"4ES-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"4ES-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"4ES-JBEAP:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4ES-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4ES-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4ES-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"4ES-JBEAP:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-05-25T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Critical"
}
],
"title": "JBoss EAP jmx authentication bypass with crafted HTTP request"
},
{
"cve": "CVE-2010-1428",
"discovery_date": "2010-03-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "585899"
}
],
"notes": [
{
"category": "description",
"text": "The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to obtain sensitive information via an unspecified request that uses a different method.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JBoss Application Server Web Console Authentication bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4AS-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4AS-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4AS-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4AS-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4AS-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4AS-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4AS-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4AS-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4AS-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4AS-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"4AS-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"4AS-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"4AS-JBEAP:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4AS-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4AS-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4AS-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"4AS-JBEAP:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4ES-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4ES-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4ES-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4ES-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4ES-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4ES-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4ES-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4ES-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4ES-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4ES-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"4ES-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"4ES-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"4ES-JBEAP:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4ES-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4ES-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4ES-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"4ES-JBEAP:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-1428"
},
{
"category": "external",
"summary": "RHBZ#585899",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=585899"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-1428",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1428"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-1428",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1428"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2010-04-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-04-27T03:19:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4AS-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4AS-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4AS-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4AS-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4AS-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4AS-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4AS-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4AS-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4AS-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4AS-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"4AS-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"4AS-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"4AS-JBEAP:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4AS-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4AS-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4AS-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"4AS-JBEAP:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4ES-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4ES-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4ES-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4ES-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4ES-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4ES-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4ES-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4ES-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4ES-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4ES-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"4ES-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"4ES-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"4ES-JBEAP:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4ES-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4ES-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4ES-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"4ES-JBEAP:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0376"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4AS-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4AS-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4AS-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4AS-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4AS-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4AS-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4AS-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4AS-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4AS-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4AS-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"4AS-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"4AS-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"4AS-JBEAP:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4AS-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4AS-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4AS-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"4AS-JBEAP:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4ES-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4ES-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4ES-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4ES-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4ES-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4ES-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4ES-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4ES-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4ES-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4ES-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"4ES-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"4ES-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"4ES-JBEAP:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4ES-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4ES-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4ES-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"4ES-JBEAP:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-05-25T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Low"
}
],
"title": "JBoss Application Server Web Console Authentication bypass"
},
{
"cve": "CVE-2010-1429",
"discovery_date": "2010-02-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "585900"
}
],
"notes": [
{
"category": "description",
"text": "Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about \"deployed web contexts\" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JBossEAP status servlet info leak",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4AS-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4AS-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4AS-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4AS-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4AS-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4AS-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4AS-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4AS-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4AS-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4AS-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"4AS-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"4AS-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"4AS-JBEAP:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4AS-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4AS-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4AS-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"4AS-JBEAP:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4ES-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4ES-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4ES-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4ES-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4ES-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4ES-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4ES-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4ES-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4ES-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4ES-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"4ES-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"4ES-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"4ES-JBEAP:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4ES-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4ES-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4ES-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"4ES-JBEAP:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-1429"
},
{
"category": "external",
"summary": "RHBZ#585900",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=585900"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-1429",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1429"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-1429",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1429"
}
],
"release_date": "2010-04-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-04-27T03:19:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4AS-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4AS-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4AS-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4AS-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4AS-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4AS-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4AS-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4AS-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4AS-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4AS-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"4AS-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"4AS-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"4AS-JBEAP:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4AS-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4AS-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4AS-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"4AS-JBEAP:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4ES-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4ES-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4ES-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4ES-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4ES-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4ES-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4ES-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4ES-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4ES-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4ES-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"4ES-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"4ES-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"4ES-JBEAP:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4ES-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4ES-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4ES-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"4ES-JBEAP:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0376"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4AS-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4AS-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4AS-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4AS-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4AS-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4AS-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4AS-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4AS-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4AS-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4AS-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"4AS-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"4AS-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"4AS-JBEAP:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4AS-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4AS-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4AS-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"4AS-JBEAP:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4ES-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4ES-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4ES-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4ES-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4ES-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4ES-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4ES-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4ES-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4ES-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4ES-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"4ES-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"4ES-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"4ES-JBEAP:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4ES-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4ES-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4ES-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"4ES-JBEAP:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "JBossEAP status servlet info leak"
}
]
}
gsd-2010-1429
Vulnerability from gsd
Modified
2023-12-13 01:21
Details
Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2010-1429",
"description": "Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about \"deployed web contexts\" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression.",
"id": "GSD-2010-1429",
"references": [
"https://access.redhat.com/errata/RHSA-2010:0379",
"https://access.redhat.com/errata/RHSA-2010:0378",
"https://access.redhat.com/errata/RHSA-2010:0377",
"https://access.redhat.com/errata/RHSA-2010:0376",
"https://packetstormsecurity.com/files/cve/CVE-2010-1429"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2010-1429"
],
"details": "Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about \"deployed web contexts\" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression.",
"id": "GSD-2010-1429",
"modified": "2023-12-13T01:21:33.042958Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-1429",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about \"deployed web contexts\" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://marc.info/?l=bugtraq\u0026m=132698550418872\u0026w=2",
"refsource": "MISC",
"url": "http://marc.info/?l=bugtraq\u0026m=132698550418872\u0026w=2"
},
{
"name": "http://secunia.com/advisories/39563",
"refsource": "MISC",
"url": "http://secunia.com/advisories/39563"
},
{
"name": "http://securitytracker.com/id?1023918",
"refsource": "MISC",
"url": "http://securitytracker.com/id?1023918"
},
{
"name": "http://www.securityfocus.com/bid/39710",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/39710"
},
{
"name": "http://www.vupen.com/english/advisories/2010/0992",
"refsource": "MISC",
"url": "http://www.vupen.com/english/advisories/2010/0992"
},
{
"name": "https://rhn.redhat.com/errata/RHSA-2010-0376.html",
"refsource": "MISC",
"url": "https://rhn.redhat.com/errata/RHSA-2010-0376.html"
},
{
"name": "https://rhn.redhat.com/errata/RHSA-2010-0377.html",
"refsource": "MISC",
"url": "https://rhn.redhat.com/errata/RHSA-2010-0377.html"
},
{
"name": "https://rhn.redhat.com/errata/RHSA-2010-0378.html",
"refsource": "MISC",
"url": "https://rhn.redhat.com/errata/RHSA-2010-0378.html"
},
{
"name": "https://rhn.redhat.com/errata/RHSA-2010-0379.html",
"refsource": "MISC",
"url": "https://rhn.redhat.com/errata/RHSA-2010-0379.html"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58149",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58149"
},
{
"name": "https://www.exploit-db.com/exploits/44009/",
"refsource": "MISC",
"url": "https://www.exploit-db.com/exploits/44009/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=585900",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=585900"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp06:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp01:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp06:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:*:cp07:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.3.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp01:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp05:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp04:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp04:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp03:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp07:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp03:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp02:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:*:cp08:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp05:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp02:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-1429"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about \"deployed web contexts\" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2010:0377",
"refsource": "REDHAT",
"tags": [
"Vendor Advisory"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0377.html"
},
{
"name": "1023918",
"refsource": "SECTRACK",
"tags": [],
"url": "http://securitytracker.com/id?1023918"
},
{
"name": "39563",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39563"
},
{
"name": "ADV-2010-0992",
"refsource": "VUPEN",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0992"
},
{
"name": "39710",
"refsource": "BID",
"tags": [],
"url": "http://www.securityfocus.com/bid/39710"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=585900",
"refsource": "CONFIRM",
"tags": [],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=585900"
},
{
"name": "RHSA-2010:0379",
"refsource": "REDHAT",
"tags": [
"Vendor Advisory"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0379.html"
},
{
"name": "RHSA-2010:0378",
"refsource": "REDHAT",
"tags": [
"Vendor Advisory"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0378.html"
},
{
"name": "RHSA-2010:0376",
"refsource": "REDHAT",
"tags": [
"Vendor Advisory"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0376.html"
},
{
"name": "HPSBMU02736",
"refsource": "HP",
"tags": [],
"url": "http://marc.info/?l=bugtraq\u0026m=132698550418872\u0026w=2"
},
{
"name": "jboss-status-servlet-information-disclosure(58149)",
"refsource": "XF",
"tags": [],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58149"
},
{
"name": "44009",
"refsource": "EXPLOIT-DB",
"tags": [],
"url": "https://www.exploit-db.com/exploits/44009/"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2023-02-13T04:17Z",
"publishedDate": "2010-04-28T22:30Z"
}
}
}
ghsa-x26p-67q3-4mfx
Vulnerability from github
Published
2022-05-02 06:22
Modified
2022-05-02 06:22
Details
Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression.
{
"affected": [],
"aliases": [
"CVE-2010-1429"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2010-04-28T22:30:00Z",
"severity": "MODERATE"
},
"details": "Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about \"deployed web contexts\" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression.",
"id": "GHSA-x26p-67q3-4mfx",
"modified": "2022-05-02T06:22:44Z",
"published": "2022-05-02T06:22:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1429"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=585900"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58149"
},
{
"type": "WEB",
"url": "https://rhn.redhat.com/errata/RHSA-2010-0376.html"
},
{
"type": "WEB",
"url": "https://rhn.redhat.com/errata/RHSA-2010-0377.html"
},
{
"type": "WEB",
"url": "https://rhn.redhat.com/errata/RHSA-2010-0378.html"
},
{
"type": "WEB",
"url": "https://rhn.redhat.com/errata/RHSA-2010-0379.html"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/44009"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=132698550418872\u0026w=2"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/39563"
},
{
"type": "WEB",
"url": "http://securitytracker.com/id?1023918"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/39710"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2010/0992"
}
],
"schema_version": "1.4.0",
"severity": []
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.