CVE-2010-1429 JBoss Insecure Storage of Sensitive Information on ips.mtn.co.ug

Posted: Wed Oct 09, 2024 4:44 am
by Shane1145
Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string. This issue exists because of a CVE-2008-3273 regression. By requesting the Status param and setting its value to true, JBoss will print sensitive information such as Memory used / Total Memory / Client IP address.


https://hackerone.com/reports/2375659
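
A defender-side check for the request described in the post, as an added example that is not part of the original post: it scans web access logs for status-servlet requests carrying `full=true` that the server answered with 200 for clients outside an admin allowlist. The `/status` path suffix, the allowlisted network and the log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: the status servlet is mapped at a path ending in "/status".
STATUS_SUFFIX = "/status"
# Assumption: networks allowed to read the status page (constructed value).
ADMIN_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Common/combined access-log format: ip - user [time] "METHOD target PROTO" status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def is_full_status_request(target):
    """True if the request target is the status servlet with full=true."""
    parts = urlsplit(target)
    path = parts.path.rstrip("/").lower()
    if not path.endswith(STATUS_SUFFIX):
        return False
    # parse_qs percent-decodes names and values, so encoded variants match too.
    params = parse_qs(parts.query, keep_blank_values=True)
    return any(k.lower() == "full" and v.strip().lower() == "true"
               for k, vals in params.items() for v in vals)

def find_status_disclosures(lines):
    """Return (time, ip, target) for answered full-status requests from non-admin clients."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        # Only responses with 200 actually disclosed the status page.
        if not m or m["status"] != "200" or not is_full_status_request(m["target"]):
            continue
        ip = ipaddress.ip_address(m["ip"])
        if any(ip in net for net in ADMIN_NETS):
            continue
        hits.append((m["time"], m["ip"], m["target"]))
    return hits

# Constructed sample log lines (documentation address ranges).
SAMPLE_LOG = [
    '203.0.113.7 - - [09/Oct/2024:04:40:01 +0000] "GET /status?full=true HTTP/1.1" 200 18342',
    '203.0.113.7 - - [09/Oct/2024:04:40:05 +0000] "GET /status?full=true HTTP/1.1" 403 512',
    '10.1.2.3 - - [09/Oct/2024:04:41:00 +0000] "GET /status?full=true HTTP/1.1" 200 18342',
    '198.51.100.9 - - [09/Oct/2024:04:42:10 +0000] "GET /web-console/status?FULL=True HTTP/1.1" 200 20111',
]

if __name__ == "__main__":
    for hit in find_status_disclosures(SAMPLE_LOG):
        print(hit)
```

A hit means the status page was served to an untrusted client; the fix on the affected versions is the update named in the post (4.2.0.CP09 or 4.3.0.CP08).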