Lucene search

Veracode Vulnerability DatabaseVERACODE:11820

HistoryJan 15, 2019 - 9:08 a.m.

Clickjacking

2019-01-1509:08:01

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

JSON

jboss is vulnerable to clickjacking attacks. It was discovered that the EAP Management Console could be opened in an IFRAME, which made it possible to intercept and manipulate requests. An attacker could use this flaw to trick a user into performing arbitrary actions in the Console (Clickjacking).

CPENameOperatorVersion
jboss-as-webeq7.4.1__2.Final_redhat_3.1.ep6.el6
jboss-as-webeq7.5.1__2.Final_redhat_3.1.ep6.el6
jboss-as-webeq7.3.1__3.Final_redhat_3.1.ep6.el6
jboss-as-webeq7.4.2__3.Final_redhat_2.1.ep6.el7
jboss-as-webeq7.3.1__4.Final_redhat_4.1.ep6.el5
jboss-as-webeq7.3.2__2.Final_redhat_2.1.ep6.el5
jboss-as-webeq7.3.2__2.Final_redhat_2.1.ep6.el6
jboss-as-webeq7.2.0__8.Final_redhat_8.ep6.el6
jboss-as-webeq7.5.3__1.Final_redhat_2.1.ep6.el6
jboss-as-webeq7.4.1__2.Final_redhat_3.1.ep6.el7

Name	Operator	Version
jboss-as-web	eq	7.4.1__2.Final_redhat_3.1.ep6.el6
jboss-as-web	eq	7.5.1__2.Final_redhat_3.1.ep6.el6
jboss-as-web	eq	7.3.1__3.Final_redhat_3.1.ep6.el6
jboss-as-web	eq	7.4.2__3.Final_redhat_2.1.ep6.el7
jboss-as-web	eq	7.3.1__4.Final_redhat_4.1.ep6.el5
jboss-as-web	eq	7.3.2__2.Final_redhat_2.1.ep6.el5
jboss-as-web	eq	7.3.2__2.Final_redhat_2.1.ep6.el6
jboss-as-web	eq	7.2.0__8.Final_redhat_8.ep6.el6
jboss-as-web	eq	7.5.3__1.Final_redhat_2.1.ep6.el6
jboss-as-web	eq	7.4.1__2.Final_redhat_3.1.ep6.el7

Rows per page:

1-10 of 58461

References

rhn.redhat.com/errata/RHSA-2015-1904.html

rhn.redhat.com/errata/RHSA-2015-1905.html

rhn.redhat.com/errata/RHSA-2015-1906.html

rhn.redhat.com/errata/RHSA-2015-1907.html

rhn.redhat.com/errata/RHSA-2015-1908.html

www.securitytracker.com/id/1033859

access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/6.4/index.html

access.redhat.com/errata/RHSA-2015:1904

access.redhat.com/errata/RHSA-2015:1905

access.redhat.com/errata/RHSA-2015:1906

access.redhat.com/errata/RHSA-2015:1907

access.redhat.com/security/cve/CVE-2015-5178

access.redhat.com/security/updates/classification/#important

bugzilla.redhat.com/show_bug.cgi?id=1250552

bugzilla.redhat.com/show_bug.cgi?id=1256985

bugzilla.redhat.com/show_bug.cgi?id=1261574

bugzilla.redhat.com/show_bug.cgi?id=1261579

bugzilla.redhat.com/show_bug.cgi?id=1261583

bugzilla.redhat.com/show_bug.cgi?id=1261587

bugzilla.redhat.com/show_bug.cgi?id=1261598

bugzilla.redhat.com/show_bug.cgi?id=1261603

bugzilla.redhat.com/show_bug.cgi?id=1261618

bugzilla.redhat.com/show_bug.cgi?id=1261622

bugzilla.redhat.com/show_bug.cgi?id=1261625

bugzilla.redhat.com/show_bug.cgi?id=1261990

bugzilla.redhat.com/show_bug.cgi?id=1262021

bugzilla.redhat.com/show_bug.cgi?id=1263379

rhn.redhat.com/errata/RHSA-2015-1905.html

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

JSON

Related for VERACODE:11820