COOEY // HUBcompliance · community · intelligence

FAIL › dossier

JBoss product

2
failure events
0
zero-days
0
RCEs
2
on KEV
2
critical
80
worst shame

Dossier not yet built — the RAG curator builds one for players with ≥2 failure events (factory/dossier.py). The failure history and sentiment below are live.

Failure history 2 events

DateEventSevFlagsShameSummary
2022-05-25 CVE-2010-1428 critical ⌖KEV 80 Unauthenticated access to the JBoss Application Server Web Console (/web-console) is blocked by default. However, it was found that this block was incomplete, and only blocked GET and POST HTTP verbs. A remote attacker could use this flaw to gain access to sensitive information.
2022-05-25 CVE-2010-0738 critical ⌖KEV 80 The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method.