CVE-2010-1428 — Actively Exploited: JBoss (Red Hat)
Unauthenticated access to the JBoss Application Server Web Console (/web-console) is blocked by default. However, it was found that this block was incomplete, and only blocked GET and POST HTTP verbs. A remote attacker could use this flaw to gain access to sensitive information.
| CVE ID | CVE-2010-1428 |
|---|---|
| Vendor | Red Hat |
| Product | JBoss |
| Vulnerability name | Red Hat JBoss Information Disclosure Vulnerability |
| Date added | 2022-05-25 |
| Remediation due | 2022-06-15 |
| Known ransomware use | Known |
| Required action | Apply updates per vendor instructions. |
| Description | Unauthenticated access to the JBoss Application Server Web Console (/web-console) is blocked by default. However, it was found that this block was incomplete, and only blocked GET and POST HTTP verbs. A remote attacker could use this flaw to gain access to sensitive information. |
| Source | CISA Known Exploited Vulnerabilities |
🔍 Search all exploited vulnerabilities →
$1499/mo
Try ExploitWatch →