CVE-2010-0738

Published: 28/04/2010 Updated: 13/02/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 551
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 prior to 4.2.0.CP09 and 4.3 prior to 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote malicious users to send requests to this application's GET handler by using a different method.

Vulnerable Product

redhat jboss enterprise application platform 4.2.0

redhat jboss enterprise application platform 4.2

redhat jboss enterprise application platform 4.3.0

redhat jboss enterprise application platform 4.3

Vendor Advisories

Synopsis: Critical: JBoss Enterprise Application Platform 4.3.0.CP08 update. Type/Severity: Security Advisory: Critical. Topic: Updated JBoss Enterprise Application Platform (JBEAP) 4.3 packages that fix three security issues and multiple bugs are now available for Red Hat Enterprise Linux 5 as JBEAP 4.3.0.CP08. Th ...

Exploits

#!/usr/bin/perl
# Exploit Title: JBoss, JMX Console, misconfigured DeploymentScanner
# Date: Oct 3 2011
# Author: y0ug <at> codseccom
# Version:
# Tested on: Linux
# CVE : CVE-2010-0738
#
# POC against misconfigured JBoss JMX Console
# It use the addUrl method in DeploymentScanner module
#
# More information
# packetstormsecurityorg ...

#JBoss AS Remote Exploit
#by Kingcope
#####
use IO::Socket;
use LWP::UserAgent;
use URI::Escape;
use MIME::Base64;
sub usage {
print "JBoss AS Remote Exploit\nby Kingcope\n\nusage: perl jbosspl <target> <targetport> <yourip> <yourport> <win/lnx>\n";
print "example: perl daytonapl 192168210 8080 19216822 443 ...

##
# $Id: jboss_deploymentfilerepositoryrb 9950 2010-08-03 15:14:34Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions Please see the Metasploit
# Framework web site for more information on licensing and terms of use
# metasploitcom/framework/
##
require 'ms ...

##
# $Id: jboss_bshdeployerrb 11533 2011-01-10 14:34:24Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions Please see the Metasploit
# Framework web site for more information on licensing and terms of use
# metasploitcom/framework/
##
require 'msf/core'
cla ...
This Metasploit module can be used to install a WAR file payload on JBoss servers that have an exposed "jmx-console" application. The payload is put on the server by using the jboss.system:BSHDeployer's createScriptDeployment() method ...
This is a proof of concept exploit that leverages the addUrl method in the DeploymentScanner module on an exposed JBoss JMX console ...
Hewlett-Packard Universal CMDB version 1010 suffers from a jmx-console related authentication bypass vulnerability ...

Nmap Scripts

http-vuln-cve2010-0738

Tests whether a JBoss target is vulnerable to jmx console authentication bypass (CVE-2010-0738).

nmap --script=http-vuln-cve2010-0738 --script-args 'http-vuln-cve2010-0738.paths={/path1/,/path2/}' <target>

PORT   STATE SERVICE
80/tcp open  http
| http-vuln-cve2010-0738:
|_  /jmx-console/: Authentication bypass.

Github Repositories

JBoss Autopwn as featured at BlackHat Europe 2010 - this version incorporates CVE-2010-0738 the JBoss authentication bypass VERB manipulation vulnerability as discovered by Minded Security

jboss-autopwn: JBoss Autopwn as featured at BlackHat Europe 2010 - this version incorporates CVE-2010-0738, the JBoss authentication bypass VERB manipulation vulnerability as discovered by Minded Security. C Papathanasiou 2010. INTRODUCTION: This JBoss script deploys a JSP shell on the target JBoss AS server. Once deployed, the script uses its upload and command execution capabilit

application server attack toolkit

clusterd: clusterd is an open source application server attack toolkit. Born out of frustration with current fingerprinting and exploitation methods, clusterd automates the fingerprinting, reconnaissance, and exploitation phases of an application server attack. See the wiki for more information. Requirements: Python >= 27x, Requests >= 22x. Installation: The re

JBoss Autopwn CVE-2010-0738 JBoss authentication bypass

Recent Articles

Chinese gang shoots down aerospace security with MSFT flaws
The Register • Darren Pauli • 06 Aug 2015

'Panda Emissary' group has an appetite for defence projects

Black Hat 2015: An alleged Chinese advanced hacking group has been found cherry-picking data from high-profile governments and corporations, p0wning many within six hours according to Dell researchers. The group, codenamed TG-3390 or Panda Emissary, is thought to operate from China and have an appetite for defence-related aerospace projects. Its techniques mean domain credentials and multiple systems are compromised within six hours of gaining access to an environment. Watering holes are the group'...