Description

It's possible to reach the status servlet on this JBoss system. The status servlet exposes details about the deployed servlets and makes it easier to identity the attack surface of an EAP installation.

Remediation

Restrict access to the status servlet.

References

JBossEAP status servlet info leak

JBoss/Tomcat server-status

Related Vulnerabilities

WordPress Plugin WP-Invoice-Web Invoice and Billing Multiple Vulnerabilities (4.1.0)

F5 BIG-IP Cookie Information Disclosure

WordPress Plugin Image Export Arbitrary File Download (1.1.0)

WordPress Plugin Plugin:Newsletter 'data' Parameter Information Disclosure (1.5)

WordPress Plugin Service Finder-Provider and Business Listing Local File Disclosure (3.0)

Severity

Medium

Classification

CVE-2010-1429 CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure