Description
The Management Console in Red Hat Enterprise Application Platform before 6.4.4 and WildFly (formerly JBoss Application Server) does not send an X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web page that contains a (1) FRAME or (2) IFRAME element.
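A header check for the condition described above, as an added example that is not code from Red Hat, WildFly or this page. It goes slightly beyond the description by also accepting a restrictive Content-Security-Policy `frame-ancestors` directive as protection; the function name and the sample headers are constructed for illustration.

```python
# Added example: decide whether a response's headers stop it being framed.
# All sample headers are constructed, not captured from a real console.

def framing_protection(headers):
    """Return (protected, reason) for a dict of HTTP response headers."""
    # Header names are case-insensitive, so normalise before lookup.
    h = {k.strip().lower(): v.strip() for k, v in headers.items()}

    # Duplicate headers are often merged into one comma-separated value.
    # A list of differing values is reported as unprotected so it gets reviewed.
    values = {t.strip().upper()
              for t in h.get("x-frame-options", "").split(",") if t.strip()}
    if len(values) == 1 and values <= {"DENY", "SAMEORIGIN"}:
        return True, "X-Frame-Options: " + values.pop()

    # CSP frame-ancestors is the newer control (assumption: worth accepting here).
    for directive in h.get("content-security-policy", "").split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            sources = [s.lower() for s in parts[1:]]
            # "*" and scheme-only sources such as "https:" match any origin.
            broad = [s for s in sources if s == "*" or s.endswith(":")]
            if sources and not broad:
                return True, "CSP frame-ancestors " + " ".join(sources)
            return False, "frame-ancestors without a restrictive source list"

    if values:
        # Covers ALLOW-FROM (obsolete, ignored by current browsers) and typos.
        return False, "unusable X-Frame-Options: " + ", ".join(sorted(values))
    return False, "no anti-framing header"


if __name__ == "__main__":
    samples = {  # constructed responses
        "unpatched console": {"Content-Type": "text/html"},
        "patched console": {"x-frame-options": "sameorigin"},
        "obsolete value": {"X-Frame-Options": "ALLOW-FROM https://admin.example"},
        "csp only": {"Content-Security-Policy":
                     "default-src 'self'; frame-ancestors 'none'"},
    }
    for name, hdrs in samples.items():
        print(name, framing_protection(hdrs))
```
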
Remediation
References