3797 matches found
CVE-2015-6374
The CVE-2015-6374 vulnerability affects Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices, where the web interface inadequately restricts IFRAME usage. The root cause is insufficient input sanitization of iframe data in HTTP requests, enabling remote attackers to pe...
Cisco Firepower 9000 Series Switches Clickjacking Vulnerability
Cisco Firepower 9000 Series Switches are Cisco 9000 series switch products. A clickjacking vulnerability exists in Cisco Firepower 9000 Series Switches. This vulnerability could be exploited by remote attackers to compromise an affected device and obtain sensitive information...
Cisco Firepower 9000 Series Switch Clickjacking Vulnerability
A vulnerability in the web interface of the Cisco Firepower 9000 Series Switch could allow an unauthenticated, remote attacker to affect the integrity of the device though a clickjacking or phishing attack. The vulnerability is due to the lack of proper input sanitization of iFrame data in the HT...
CubeCart 6.0.7 Cross Site Scripting
Security Advisory - Curesec Research Team 1. Introduction Affected Product: CubeCart 6.0.7 Fixed in: 6.0.8 Fixed Version Link: https://www.cubecart.com/thank-you/CubeCart-6.0.8.zip Vendor Contact: [email protected] Vulnerability Type: XSS Remote Exploitable: Yes Reported to vendor: 09/07/2015...
Multiple routers contain issue in preventing clickjacking attacks
Overview Multiple router products contain an issue in the protection against clickjacking attacks. Noriaki Iwasaki of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact If a user...
JVN#48135658: Multiple routers contain issue in preventing clickjacking attacks
Multiple router products contain an issue in the protection against clickjacking attacks. Impact If a user views a malicious page while logged in, unintended operations may be conducted. Solution Apply a solution Solutions vary depending on the product. Apply the appropriate solution according to...
Red Hat Enterprise Application Platform Clickjacking Attack Vulnerability
Red Hat Enterprise Application Platform is the United States Red Hat Red Hat, Inc. of a set of open source, J2EE-based middleware platform, which is mainly used to build, deploy and host Java applications and services. A clickjacking attack vulnerability exists in Red Hat Enterprise Application...
CVE-2015-5178
The Management Console in Red Hat Enterprise Application Platform before 6.4.4 and WildFly formerly JBoss Application Server does not send an X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web page that contains a 1 FRAME or 2...
Design/Logic Flaw
The Management Console in Red Hat Enterprise Application Platform before 6.4.4 and WildFly formerly JBoss Application Server does not send an X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web page that contains a 1 FRAME or 2...
CVE-2015-5178
CVE-2015-5178 affects Red Hat JBoss Enterprise Application Platform (EAP) / WildFly up to version 6.4.3 where the Management Console did not send X-Frame-Options, enabling clickjacking via a crafted page containing a FRAME/IFRAME. Remediation per RHSA-2015:1906 is to upgrade to 6.4.4 (EAP/WildFly...
CVE-2015-5178
The Management Console in Red Hat Enterprise Application Platform before 6.4.4 and WildFly formerly JBoss Application Server does not send an X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web page that contains a 1 FRAME or 2...
PT-2015-2598 · Red Hat · Red Hat Jboss Enterprise Application Platform +1
Name of the Vulnerable Software and Affected Versions: Red Hat Enterprise Application Platform versions prior to 6.4.4 WildFly formerly JBoss Application Server versions prior to 6.4.4 Description: The issue is related to the Management Console in Red Hat Enterprise Application Platform and...
InVision: X-Frame-Options Header Not Set
Hi , Wamim Here With a dising issue iMPACT : X-Frame-Options header is not included in the HTTP response to protect against 'ClickJacking' attacks. Soliution : Most modern Web browsers support the X-Frame-Options HTTP header. Ensure it's set on all web pages returned by your site if you expect th...
RHEL 6 : JBoss EAP (RHSA-2015:1905)
Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.4.4 and fix three security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. Common...
RHEL 5 : JBoss EAP (RHSA-2015:1904)
Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.4.4 and fix three security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.4 update
Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.4.4 and fix three security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common...
AS/WildFly: missing X-Frame-Options header leading to clickjacking
It was discovered that the EAP Management Console could be opened in an IFRAME, which made it possible to intercept and manipulate requests. An attacker could use this flaw to trick a user into performing arbitrary actions in the Console clickjacking...
AS/WildFly: missing X-Frame-Options header leading to clickjacking
It was discovered that the EAP Management Console could be opened in an IFRAME, which made it possible to intercept and manipulate requests. An attacker could use this flaw to trick a user into performing arbitrary actions in the Console clickjacking...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.4 update
Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.4.4 and fix three security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common...
AS/WildFly: missing X-Frame-Options header leading to clickjacking
It was discovered that the EAP Management Console could be opened in an IFRAME, which made it possible to intercept and manipulate requests. An attacker could use this flaw to trick a user into performing arbitrary actions in the Console clickjacking...