Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatcveRedhat.comRH:CVE-2016-7034
HistorySep 06, 2016 - 5:18 a.m.

CVE-2016-7034

2016-09-0605:18:45
redhat.com
access.redhat.com
6

EPSS

0.001

Percentile

48.6%

JSON

It has been reported that CSRF tokens are not properly handled in JBoss BPM suite dashbuilder. Old tokens generated during an active session can be used to bypass CSRF protection. In addition, the tokens are sent in query string so they can be exposed through the browser’s history, referrers, web logs, and other sources. Attackers may be able to obtain old tokens from various sources in the network and perform CSRF attacks successfully.

Related

cve 1
cvelist 1
nvd 1
prion 1
redhat 2
cve
cve
CVE-2016-7034
2016-09-07 18:59:07
cvelist
cvelist
CVE-2016-7034
2016-09-07 18:00:00
nvd
nvd
CVE-2016-7034
2016-09-07 18:59:07
prion
prion
Cross site request forgery (csrf)
2016-09-07 18:59:00
redhat
redhat
(RHSA-2018:0296) Moderate: Red Hat JBoss Data Virtualization 6.4 security update
2018-02-13 15:47:27
(RHSA-2017:0557) Moderate: Red Hat JBoss BPM Suite security update
2017-03-16 21:01:51

EPSS

0.001

Percentile

48.6%

JSON
Related for RH:CVE-2016-7034
cve1cvelist1nvd1prion1redhat2