Cross-site Request Forgery (CSRF)

2020-04-1000:50:36

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.002 Low

EPSS

Percentile

56.3%

JSON

JBoss is vulnerable to Cross-site request forgery (CSRF). flaw was found in the JMX Console. A remote attacker could use this flaw to deploy a WAR file of their choosing on the target server, if they are able to trick a user, who is logged into the JMX Console as the admin user, into visiting a specially-crafted web page.

CPENameOperatorVersion
hibernate3eq3.2.4__1.SP1_CP01.0jpp.ep1.1.el5.1
hibernate3eq3.2.4__1.SP1_CP02.0jpp.ep1.1.el5.1
hibernate3eq3.2.4__1.SP1_CP02.0jpp.ep1.1.el4
rh-eap-docseq4.2.0__3.GA_CP02.ep1.1.el5.1
rh-eap-docseq4.2.0__1.ep1.22.el5
rh-eap-docseq4.2.0__3.GA_CP02.ep1.1.el4
rh-eap-docseq4.2.0__2.CP01.ep1.2.el5
hibernate3-annotationseq3.2.1__1.patch02.1jpp.ep1.2.el4
hibernate3-annotationseq3.2.1__1.patch01.1jpp.ep1.3.el5
hibernate3-annotationseq3.2.1__1.patch02.1jpp.ep1.2.el5.1

Name	Operator	Version
hibernate3	eq	3.2.4__1.SP1_CP01.0jpp.ep1.1.el5.1
hibernate3	eq	3.2.4__1.SP1_CP02.0jpp.ep1.1.el5.1
hibernate3	eq	3.2.4__1.SP1_CP02.0jpp.ep1.1.el4
rh-eap-docs	eq	4.2.0__3.GA_CP02.ep1.1.el5.1
rh-eap-docs	eq	4.2.0__1.ep1.22.el5
rh-eap-docs	eq	4.2.0__3.GA_CP02.ep1.1.el4
rh-eap-docs	eq	4.2.0__2.CP01.ep1.2.el5
hibernate3-annotations	eq	3.2.1__1.patch02.1jpp.ep1.2.el4
hibernate3-annotations	eq	3.2.1__1.patch01.1jpp.ep1.3.el5
hibernate3-annotations	eq	3.2.1__1.patch02.1jpp.ep1.2.el5.1