Cross site request forgery (csrf)

2010-12-3021:00:00

PRIOn knowledge base

www.prio-n.com

7.4 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

56.3%

JSON

Cross-site request forgery (CSRF) vulnerability in the JMX Console in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 before 4.3.0.CP09 allows remote attackers to hijack the authentication of administrators for requests that deploy WAR files.

CPENameOperatorVersion
jboss_enterprise_application_platformeq4.3.0 cp6
jboss_enterprise_application_platformeq4.3.0
jboss_enterprise_application_platformeq4.3.0 cp1
jboss_enterprise_application_platformeq4.3.0 cp4
jboss_enterprise_application_platformeq4.3.0 cp7
jboss_enterprise_application_platformeq4.3.0 cp3
jboss_enterprise_application_platformeq4.3.0 cp2
jboss_enterprise_application_platformeq4.3.0 cp8
jboss_enterprise_application_platformeq4.3.0 cp5

Name	Operator	Version
jboss_enterprise_application_platform	eq	4.3.0 cp6
jboss_enterprise_application_platform	eq	4.3.0
jboss_enterprise_application_platform	eq	4.3.0 cp1
jboss_enterprise_application_platform	eq	4.3.0 cp4
jboss_enterprise_application_platform	eq	4.3.0 cp7
jboss_enterprise_application_platform	eq	4.3.0 cp3
jboss_enterprise_application_platform	eq	4.3.0 cp2
jboss_enterprise_application_platform	eq	4.3.0 cp8
jboss_enterprise_application_platform	eq	4.3.0 cp5