CVE-2010-1428: Red Hat JBoss Information Disclosure Vulnerability.
Unauthenticated access to the JBoss Application Server Web Console (/web-console) is blocked by default. However, it was found that this block was incomplete, and only blocked GET and POST HTTP verbs. A remote attacker could use this flaw to gain access to sensitive information.
- CISA KEV-listed (remediation due 2022-06-15)
- used in ransomware campaigns
- EPSS 67.6% (98.6% percentile)