Lucene search
RedhatCVELIST:CVE-2014-0120HistoryDec 29, 2017 - 10:00 p.m.
CVE-2014-0120
2017-12-2922:00:00
redhat
www.cve.org
1
Cross-site request forgery (CSRF) vulnerability in the admin terminal in Hawt.io allows remote attackers to hijack the authentication of arbitrary users for requests that run commands on the Karaf server, as demonstrated by running “shutdown -f.”
References
bugzilla.redhat.com/show_bug.cgi?id=1072681
github.com/hawtio/hawtio/commit/b4e23e002639c274a2f687ada980118512f06113
infocon.org/cons/SyScan/SyScan%202015%20Singapore/SyScan%202015%20Singapore%20presentations/SyScan15%20David%20Jorm%20-%20Finding%20and%20exploiting%20novel%20flaws%20in%20Java%20software.pdf
Related
nvd
nvd
CVE-2014-0120
2017-12-29 22:29:00
veracode
veracode
Cross-site Request Forgery (CSRF)
2017-12-30 00:41:23
cve
cve
CVE-2014-0120
2017-12-29 22:29:00
prion
prion
Cross site request forgery (csrf)
2017-12-29 22:29:00