Description

It's possible to reach the status servlet on this JBoss system. The status servlet exposes details about the deployed servlets and makes it easier to identity the attack surface of an EAP installation.

Remediation

Restrict access to the status servlet.

References

JBossEAP status servlet info leak

JBoss/Tomcat server-status

Related Vulnerabilities

JBoss JMX management console

WordPress Plugin Formidable Forms-Contact Form, Survey, Quiz, Calculator & Custom Form Builder Information Disclosure (2.0.07)

WordPress Plugin MetaSlider Information Disclosure (3.3.1)

Joomla! Core 1.7.0 Information Disclosure (1.7.0)

Joomla! Core 2.5.x Information Disclosure (2.5.0 - 2.5.4)

Severity

Medium

Classification

CVE-2010-1429 CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure