4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
jboss is vulnerable to clickjacking attacks. It was discovered that the EAP Management Console could be opened in an IFRAME, which made it possible to intercept and manipulate requests. An attacker could use this flaw to trick a user into performing arbitrary actions in the Console (Clickjacking).
rhn.redhat.com/errata/RHSA-2015-1904.html
rhn.redhat.com/errata/RHSA-2015-1904.html
rhn.redhat.com/errata/RHSA-2015-1905.html
rhn.redhat.com/errata/RHSA-2015-1905.html
rhn.redhat.com/errata/RHSA-2015-1906.html
rhn.redhat.com/errata/RHSA-2015-1906.html
rhn.redhat.com/errata/RHSA-2015-1907.html
rhn.redhat.com/errata/RHSA-2015-1907.html
rhn.redhat.com/errata/RHSA-2015-1908.html
rhn.redhat.com/errata/RHSA-2015-1908.html
www.securitytracker.com/id/1033859
www.securitytracker.com/id/1033859
access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/6.4/index.html
access.redhat.com/errata/RHSA-2015:1904
access.redhat.com/errata/RHSA-2015:1905
access.redhat.com/errata/RHSA-2015:1906
access.redhat.com/errata/RHSA-2015:1907
access.redhat.com/security/cve/CVE-2015-5178
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=1250552
bugzilla.redhat.com/show_bug.cgi?id=1250552
bugzilla.redhat.com/show_bug.cgi?id=1256985
bugzilla.redhat.com/show_bug.cgi?id=1261574
bugzilla.redhat.com/show_bug.cgi?id=1261579
bugzilla.redhat.com/show_bug.cgi?id=1261583
bugzilla.redhat.com/show_bug.cgi?id=1261587
bugzilla.redhat.com/show_bug.cgi?id=1261598
bugzilla.redhat.com/show_bug.cgi?id=1261603
bugzilla.redhat.com/show_bug.cgi?id=1261618
bugzilla.redhat.com/show_bug.cgi?id=1261622
bugzilla.redhat.com/show_bug.cgi?id=1261625
bugzilla.redhat.com/show_bug.cgi?id=1261990
bugzilla.redhat.com/show_bug.cgi?id=1262021
bugzilla.redhat.com/show_bug.cgi?id=1263379
rhn.redhat.com/errata/RHSA-2015-1905.html