Trusted Design

• 重大度: Unknown
• 公開日: 2010-04-28
• 更新日: 2025-10-22

概要

The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method.

このCVEに関連するMITRE ATT&CKテクニック

• T1557 - Adversary-in-the-Middle
• T1003.002 - Security Account Manager
• T1192 - Spearphishing Link
• T1652 - Device Driver Discovery
• T1070.002 - Clear Linux or Mac System Logs
• T1598.003 - Spearphishing Link
• T1558 - Steal or Forge Kerberos Tickets
• T1070.008 - Clear Mailbox Data
• T1021.008 - Direct Cloud VM Connections
• T1050 - New Service
• T1518.002 - Backup Software Discovery
• T1525 - Implant Internal Image
• T1602.002 - Network Device Configuration Dump
• T1145 - Private Keys
• T1155 - AppleScript
• T1179 - Hooking
• T1055.013 - Process Doppelgänging
• T1546.008 - Accessibility Features
• T1649 - Steal or Forge Authentication Certificates
• T1051 - Shared Webroot
• T1218.005 - Mshta
• T1608.005 - Link Target
• T1480 - Execution Guardrails
• T1654 - Log Enumeration
• T1598.002 - Spearphishing Attachment
• T1497.002 - User Activity Based Checks
• T1496.004 - Cloud Service Hijacking
• T1071.002 - File Transfer Protocols
• T1679 - Selective Exclusion
• T1534 - Internal Spearphishing
• T1219.003 - Remote Access Hardware
• T1601 - Modify System Image
• T1078 - Valid Accounts
• T1486 - Data Encrypted for Impact
• T1595.003 - Wordlist Scanning
• T1499 - Endpoint Denial of Service
• T1090.004 - Domain Fronting
• T1565.002 - Transmitted Data Manipulation
• T1543.001 - Launch Agent
• T1223 - Compiled HTML File
• T1111 - Multi-Factor Authentication Interception
• T1055.008 - Ptrace System Calls
• T1653 - Power Settings
• T1035 - Service Execution
• T1086 - PowerShell
• T1566.003 - Spearphishing via Service

このCVEが関連しているPulses

このCVEが関連しているPulsesはありません。

CVEの関係性グラフ

---

← CVE一覧に戻る