CVE-2015-5178

2015-10-2716:59:00

CWE-254

[email protected]

web.nvd.nist.gov

cve-2015-5178

management console

red hat

enterprise application platform

clickjacking

x-frame-options

http header

vulnerability

wildfly

jboss application server

nvd

6.3 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.005 Low

EPSS

Percentile

75.8%

JSON

The Management Console in Red Hat Enterprise Application Platform before 6.4.4 and WildFly (formerly JBoss Application Server) does not send an X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web page that contains a (1) FRAME or (2) IFRAME element.

CPENameOperatorVersion
redhat:jboss_wildfly_application_serverredhat jboss wildfly application serverle2.0.0
redhat:jboss_enterprise_application_platformredhat jboss enterprise application platformle6.4.3

CPE	Name	Operator	Version
redhat:jboss_wildfly_application_server	redhat jboss wildfly application server	le	2.0.0
redhat:jboss_enterprise_application_platform	redhat jboss enterprise application platform	le	6.4.3