Description

Cross-site request forgery (CSRF) vulnerability in the JMX Console in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 before 4.3.0.CP09 allows remote attackers to hijack the authentication of administrators for requests that deploy WAR files.

Remediation

References

CVE-2010-3878

Related Vulnerabilities

PHP Numeric Errors Vulnerability (CVE-2007-1001)

Apache HTTP Server Other Vulnerability (CVE-2000-0869)

Atlassian Jira Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-14594)

Jboss EAP Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2017-12165)

Oracle Database Server CVE-2007-2112 Vulnerability (CVE-2007-2112)

Severity

Medium

Classification

CVE-2010-3878 CWE-352

Tags

Missing Update Known Vulnerabilities