Description

It's possible to reach the status servlet on this JBoss system. The status servlet exposes details about the deployed servlets and makes it easier to identity the attack surface of an EAP installation.

Remediation

Restrict access to the status servlet.

References

JBossEAP status servlet info leak

JBoss/Tomcat server-status

Related Vulnerabilities

WordPress Plugin WP Custom Pages 'url' Parameter Local File Disclosure (0.5.0.1)

WordPress Plugin Contact Form Email Information Disclosure (1.2.66)

WordPress Plugin WordPress File Upload Multiple Vulnerabilities (2.7.6)

phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-8669)

RSA Private Key Detected

Severity

Medium

Classification

CVE-2010-1429 CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure