CVE-2013-4810
The MITRE CVE dictionary describes this issue as:
Find out more about CVE-2013-4810 from the MITRE CVE dictionary dictionary and NIST NVD.
Statement
CVE-2013-4810 refers to the exposure of unauthenticated JMXInvokerServlet and EJBInvokerServlet interfaces on HP ProCurve Manager (PCM). These servlets are also, however, exposed without authentication on older, unsupported community releases of JBoss AS (WildFly) 4.x and 5.x.
All supported Red Hat JBoss products that include the JMXInvokerServlet and EJBInvokerServlet interfaces apply authentication by default and are not affected by this issue.
Community releases of JBoss AS (WildFly) 7.x are also not affected by this issue.
Users of older, unsupported community releases of JBoss AS (WildFly) are advised to follow the instructions available here to apply authentication to the invoker servlet interfaces:
https://community.jboss.org/wiki/SecureJboss/
Note: Red Hat has been aware of this issue since 2012, as identified in CVE-2012-0874, and addressed the issue for supported Red Hat JBoss products based on JBoss AS 4.x and 5.x.
CVSS v2 metrics
NOTE: The following CVSS v2 metrics and score provided are preliminary and subject to review.
| Base Score | 10 |
|---|---|
| Base Metrics | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| Access Vector | Network |
| Access Complexity | Low |
| Authentication | None |
| Confidentiality Impact | Complete |
| Integrity Impact | Complete |
| Availability Impact | Complete |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
External References
CVE description copyright © 2017, The MITRE Corporation