Description

It's possible to reach the status servlet on this JBoss system. The status servlet exposes details about the deployed servlets and makes it easier to identity the attack surface of an EAP installation.

Remediation

Restrict access to the status servlet.

References

JBossEAP status servlet info leak

JBoss/Tomcat server-status

Related Vulnerabilities

Piwigo Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-10679)

WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-6514)

Roundcube Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-19205)

WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-5487)

Error page web server version disclosure

Severity

Medium

Classification

CVE-2010-1429 CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure