CVE-2010-0738

KEV · Ransomware EPSS 91.52% · P100 Updated Feb 21, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2010-0738

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Red Hat JBoss Enterprise Application Platform 权限许可和访问控制问题漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Red Hat JBoss Enterprise Application Platform（EAP）是美国红帽（Red Hat）公司的一套开源的、基于J2EE的中间件平台。该平台主要用于构建、部署和托管Java应用程序与服务。 Red Hat JBoss Enterprise Application Platform存在权限许可和访问控制问题漏洞，该漏洞源于允许远程攻击者使用不同的方法向此应用程序的GET处理程序发送请求。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2010-0738

#	POC Description	Source Link	Shenlong Link
1	JBoss Autopwn as featured at BlackHat Europe 2010 - this version incorporates CVE-2010-0738 the JBoss authentication bypass VERB manipulation vulnerability as discovered by Minded Security	https://github.com/ChristianPapathanasiou/jboss-autopwn	POC Details
2	JBoss Autopwn CVE-2010-0738 JBoss authentication bypass	https://github.com/gitcollect/jboss-autopwn	POC Details
3	JBoss Autopwn as featured at BlackHat Europe 2010 - this version incorporates CVE-2010-0738 the JBoss authentication bypass VERB manipulation vulnerability as discovered by Minded Security	https://github.com/1872892142/jboss-autopwn-1	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2010-0738

请登录查看更多情报信息。

http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=35x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=574105x_refsource_CONFIRM
http://securityreason.com/securityalert/8408third-party-advisoryx_refsource_SREASON
http://secunia.com/advisories/39563third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/bid/39710vdb-entryx_refsource_BID
http://securitytracker.com/id?1023918vdb-entryx_refsource_SECTRACK
http://marc.info/?l=bugtraq&m=132129312609324&w=2vendor-advisoryx_refsource_HP
http://www.vupen.com/english/advisories/2010/0992vdb-entryx_refsource_VUPEN
https://rhn.redhat.com/errata/RHSA-2010-0376.htmlvendor-advisoryx_refsource_REDHAT
https://rhn.redhat.com/errata/RHSA-2010-0379.htmlvendor-advisoryx_refsource_REDHAT
https://rhn.redhat.com/errata/RHSA-2010-0378.htmlvendor-advisoryx_refsource_REDHAT
https://rhn.redhat.com/errata/RHSA-2010-0377.htmlvendor-advisoryx_refsource_REDHAT
https://exchange.xforce.ibmcloud.com/vulnerabilities/58147vdb-entryx_refsource_XF
https://nvd.nist.gov/vuln/detail/CVE-2010-0738

Same Patch Batch · n/a · 2010-04-28 · 18 CVEs total

CVE-2010-1596		SITracke Support Incident Tracker授权问题漏洞
CVE-2010-1587		Apache ActiveMQ URL请求源码泄露漏洞
CVE-2010-1586		HP系统管理主页RedirectUrl参数URI重新定向漏洞
CVE-2010-1585		Mozilla Firefox/Thunderbird/SeaMonkey nsIScriptableUnescapeHTML.parseFragment方法输入验证漏洞
CVE-2010-1429		Red Hat JBoss Enterprise Application Platform 权限许可和访问控制问题漏洞
CVE-2010-1428		Red Hat JBoss企业应用平台多个漏洞
CVE-2010-1038		HP Systems Insight Manager 未明权限提升漏洞
CVE-2010-1037		HP Systems Insight Manager 未明跨站请求伪造漏洞
CVE-2010-1036		HP Systems Insight Manager 未明跨站脚本攻击漏洞
CVE-2010-1588		Vpasp Rocksalt International VP-ASP Shopping Cart 'shopsessionsubs.asp' Getwebsess函数SQL注入漏
CVE-2010-1595		OCS Inventory NG 'ocsreports/index.php'多个SQL注入漏洞
CVE-2010-1594		OCS Inventory NG 'ocsreports/index.php'多个跨站脚本攻击漏洞
CVE-2010-1593		SilverStripe 多个跨站脚本攻击漏洞
CVE-2010-1592		SiSoftware Sandra 'sandra.sys'输入验证漏洞
CVE-2010-1591		Rising-Global瑞星杀毒软件IOCTL请求处理本地权限提升漏洞
CVE-2010-1590		Vpasp Rocksalt International VP-ASP Shopping Cart 'shopsessionsubs.asp'跨站脚本攻击漏洞
CVE-2010-1589		Vpasp Rocksalt International VP-ASP Shopping Cart 'shopsessionsubs.asp'目录遍历漏洞

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2010-0738

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2010-0738

I. Basic Information for CVE-2010-0738

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Shenlong Deep Dive — AI Deep Analysis

Affected Products

II. Public POCs for CVE-2010-0738

III. Intelligence Information for CVE-2010-0738

Same Patch Batch · n/a · 2010-04-28 · 18 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2010-0738

Leave a comment