Description
The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method.
Remediation
References
Related Vulnerabilities
Python Uncontrolled Search Path Element Vulnerability (CVE-2020-15523)
WordPress Plugin ReDi Restaurant Reservation Cross-Site Scripting (21.0307)
Plone CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-4043)
WordPress Plugin Properties and Agents-Real Estate Manager Cross-Site Scripting (6.7.1)