Description

Red Hat JBoss Enterprise Application Platform (EAP) before 6.4.5 does not properly authorize access to shut down the server, which allows remote authenticated users with the Monitor, Deployer, or Auditor role to cause a denial of service via unspecified vectors.

Remediation

References

CVE-2015-5304

Related Vulnerabilities

IBM RTC Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2012-0748)

Osclass Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2016-10751)

Oracle Database Server CVE-2016-5516 Vulnerability (CVE-2016-5516)

WordPress Plugin UsersWP-Front-end login form, User Registration, User Profile & Members Directory for WP Cross-Site Scripting (1.2.2.28)

WordPress Plugin Modern Events Calendar Lite Cross-Site Scripting (5.22.1)

Severity

Low

Classification

CVE-2015-5304 CWE-264

Tags

Missing Update Known Vulnerabilities