Description
Cross-site request forgery (CSRF) vulnerability in Jolokia before 1.2.1 allows remote attackers to hijack the authentication of users for requests that execute MBeans methods via a crafted web page.
It was found that Jolokia was vulnerable to Cross-Site Request Forgery (CSRF) attacks. A remote attacker could provide a specially crafted web page that, when visited by a user logged in to Jolokia, could allow the attacker to execute arbitrary methods on MBeans exposed via JMX.
Affected packages
| Platform | Package | Status | Advisory | Release |
|---|---|---|---|---|
| Red Hat JBoss Enterprise Web Server 1 | amq-6 | Affected | | |
| Red Hat JBoss Enterprise Web Server 1 | amq-7 | Will not fix | | |
| Red Hat JBoss Enterprise Web Server 1 | fuse-6 | Affected | | |
| Red Hat JBoss Enterprise Web Server 1 | fuse-7 | Will not fix | | |
| Red Hat JBoss Enterprise Web Server 1 | jolokia | Under investigation | | |
| Red Hat JBoss A-MQ 6.1 | | Fixed | RHSA-2014:1351 | 01.10.2014 |
| Red Hat JBoss Fuse 6.1 | | Fixed | RHSA-2014:1351 | 01.10.2014 |
Additional information
Status: Moderate
Defect: CWE-352
https://bugzilla.redhat.com/show_bug.cgi?id=1084838 Jolokia: cross-site request forgery (CSRF)
EPSS
Percentile: 32%
0.00124
Low
4.3 Medium
CVSS2
Related vulnerabilities
nvd
more than 11 years ago
Cross-site request forgery (CSRF) vulnerability in Jolokia before 1.2.1 allows remote attackers to hijack the authentication of users for requests that execute MBeans methods via a crafted web page.
EPSS
Percentile: 32%
0.00124
Low
4.3 Medium
CVSS2