{"cve":{"cve_id":"CVE-2010-1428","is_kev":true,"kev_date_added":"2022-05-25","kev_vendor_project":"Red Hat","kev_product":"JBoss","kev_vulnerability_name":"Red Hat JBoss Information Disclosure Vulnerability","kev_short_description":"Unauthenticated access to the JBoss Application Server Web Console (/web-console) is blocked by default. However, it was found that this block was incomplete, and only blocked GET and POST HTTP verbs. A remote attacker could use this flaw to gain access to sensitive information.","kev_required_action":"Apply updates per vendor instructions.","kev_due_date":"2022-06-15","kev_known_ransomware":true,"kev_notes":"https://nvd.nist.gov/vuln/detail/CVE-2010-1428","kev_cwes":["CWE-264"],"epss_score":0.62308,"epss_percentile":0.9907,"epss_as_of":"2026-06-23","description":"The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to obtain sensitive information via an unspecified request that uses a different method.","published_at":"2010-04-28T22:00:00Z","last_modified_at":"2026-06-16T23:18:22.453000Z","cvss_v3_score":7.5,"cvss_v3_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","cvss_v3_severity":"HIGH","cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":"active","ssvc_automatable":true,"ssvc_technical_impact":"partial","cwes":["CWE-749"],"nvd_references":["https://rhn.redhat.com/errata/RHSA-2010-0379.html","https://rhn.redhat.com/errata/RHSA-2010-0378.html","https://exchange.xforce.ibmcloud.com/vulnerabilities/58148","http://marc.info/?l=bugtraq&m=132698550418872&w=2","https://rhn.redhat.com/errata/RHSA-2010-0376.html","https://bugzilla.redhat.com/show_bug.cgi?id=585899","https://rhn.redhat.com/errata/RHSA-2010-0377.html","http://marc.info/?l=bugtraq&m=132698550418872&w=2","http://www.vupen.com/english/advisories/2010/0992","http://securitytracker.com/id?1023917","http://www.securityfocus.com/bid/39710","http://secunia.com/advisories/39563"],"vuln_status":"Analyzed","trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:31.350578Z","updated_at":"2026-06-28T23:05:25.907522Z"},"effective_severity":"HIGH","badges":["kev","ransomware","epss"],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"PR","name":"Privileges Required","value":"N","value_label":"None"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"S","name":"Scope","value":"U","value_label":"Unchanged"},{"metric":"C","name":"Confidentiality","value":"H","value_label":"High"},{"metric":"I","name":"Integrity","value":"N","value_label":"None"},{"metric":"A","name":"Availability","value":"N","value_label":"None"}]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"redhat","vendor_name":"RedHat","product_slug":"jboss-enterprise-application-platform","product_name":"jboss_enterprise_application_platform","version_start":"4.2.0","version_start_inclusive":true,"version_end":"4.2.0","version_end_inclusive":true,"cpe23_uri":"cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:-:*:*:*:*:*:*"},{"vendor_slug":"redhat","vendor_name":"RedHat","product_slug":"jboss-enterprise-application-platform","product_name":"jboss_enterprise_application_platform","version_start":"4.3.0","version_start_inclusive":true,"version_end":"4.3.0","version_end_inclusive":true,"cpe23_uri":"cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:-:*:*:*:*:*:*"}],"exploit_refs":[],"news":[],"references":[{"url":"https://rhn.redhat.com/errata/RHSA-2010-0379.html","source_type":"MISC","tags":[]},{"url":"https://rhn.redhat.com/errata/RHSA-2010-0378.html","source_type":"MISC","tags":[]},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/58148","source_type":"MISC","tags":[]},{"url":"http://marc.info/?l=bugtraq&m=132698550418872&w=2","source_type":"MAILING_LIST","tags":["mailing-list"]},{"url":"https://rhn.redhat.com/errata/RHSA-2010-0376.html","source_type":"MISC","tags":[]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=585899","source_type":"MISC","tags":[]},{"url":"https://rhn.redhat.com/errata/RHSA-2010-0377.html","source_type":"MISC","tags":[]},{"url":"http://marc.info/?l=bugtraq&m=132698550418872&w=2","source_type":"MAILING_LIST","tags":["mailing-list"]},{"url":"http://www.vupen.com/english/advisories/2010/0992","source_type":"VENDOR_ADVISORY","tags":["advisory"]},{"url":"http://securitytracker.com/id?1023917","source_type":"MISC","tags":[]},{"url":"http://www.securityfocus.com/bid/39710","source_type":"MISC","tags":[]},{"url":"http://secunia.com/advisories/39563","source_type":"VENDOR_ADVISORY","tags":["advisory"]}],"timeline":[{"type":"published","at":"2010-04-28T22:00:00Z","label":"CVE published","source":null},{"type":"cisa_reported","at":"2022-05-25T00:00:00Z","label":"Added to CISA KEV catalog","source":"kev"},{"type":"ssvc_changed","at":"2026-06-24T00:30:43.703670Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-24T00:30:43.703670Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-24T00:30:43.703670Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"cvss_changed","at":"2026-06-24T00:30:43.703670Z","label":"CVSS score revised","source":"vulnrichment"},{"type":"cvss_changed","at":"2026-06-24T00:30:43.703670Z","label":"CVSS score revised","source":"vulnrichment"},{"type":"cvss_changed","at":"2026-06-24T00:30:43.703670Z","label":"CVSS score revised","source":"vulnrichment"}]}