CVE-2010-2493 (retired)

The default configuration of the deployment descriptor (aka web.xml) in
picketlink-sts.war in (1) the security_saml quickstart, (2) the
webservice_proxy_security quickstart, (3) the web-console application, (4)
the http-invoker application, (5) the gpd-deployer application, (6) the
jbpm-console application, (7) the contract application, and (8) the
uddi-console application in JBoss Enterprise SOA Platform before 5.0.2
contains GET and POST http-method elements, which allows remote attackers
to bypass intended access restrictions via a crafted HTTP request.
Upstream:released (5.0.2)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needed)
Trusty/esm:DNE (trusty was needed)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
More Information

Updated: 2019-04-26 14:33:00 UTC (commit 30899e40836d26e1bb5f0b072d31fd87b6cf3bd4)