Description

It's possible to reach the status servlet on this JBoss system. The status servlet exposes details about the deployed servlets and makes it easier to identity the attack surface of an EAP installation.

Remediation

Restrict access to the status servlet.

References

JBossEAP status servlet info leak

JBoss/Tomcat server-status

Related Vulnerabilities

SAP Management Console list logfiles

WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-5868)

WordPress 4.5.x Multiple Vulnerabilities (4.5 - 4.5.2)

[Possible] Sublime SFTP Config File Detected

webadmin.php script

Severity

Medium

Classification

CVE-2010-1429 CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure