COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2010-0738

CVE-2010-0738

Severity
critical · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2022-05-25
Reference
https://nvd.nist.gov/vuln/detail/CVE-2010-0738
⌖ exploited in the wild shame 80/100 ransomwareexploited-in-wild

The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method.

Players implicated

Red Hat · vendorJBoss · product

Description

The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method.

Affected FedRAMP products 1 in the catalog

ProductProviderStatusMatch
Red Hat OpenShift Service on AWS (ROSA) Red Hat In Process vendor-exact · 0.90