Description
Cross-site request forgery (CSRF) vulnerability in the jolokia API in A-MQ.
It was found that JBoss A-MQ's Jolokia API does not have token or referrer checks, and could possibly allow a cross-site request forgery (CSRF) attack. An attacker could use this vulnerability to run application code with the same permissions as an authenticated user.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat JBoss Enterprise Web Server 1 | amq-6 | Will not fix | | |
| Red Hat JBoss Enterprise Web Server 1 | fuse-6 | Will not fix | | |
Additional information
Status: Moderate
Defect: CWE-352
https://bugzilla.redhat.com/show_bug.cgi?id=1248809 Console: CSRF via form-based API call
EPSS
Percentile: 44%
0.00215
Low
4.9 Medium
CVSS2
Related vulnerabilities
CVSS3: 8.8
nvd
more than 8 years ago
Cross-site request forgery (CSRF) vulnerability in the jolokia API in A-MQ.
CVSS3: 8.8
github
more than 3 years ago
Cross-site request forgery (CSRF) vulnerability in the jolokia API in A-MQ.