Cross-site Request Forgery (CSRF)

🗓️ 10 Apr 2020 00:50:36Reported by Veracode Vulnerability DatabaseType

veracode🔗 sca.analysiscenter.veracode.com👁 16 Views

JBoss vulnerability to CSRF in JMX Console

Reporter	Title	Published	Views	Family All 17
CVE	CVE-2010-3878	30 Dec 201020:00	–	cve
Cvelist	CVE-2010-3878	30 Dec 201020:00	–	cvelist
EUVD	EUVD-2010-3856	7 Oct 202500:30	–	euvd
NVD	CVE-2010-3878	30 Dec 201021:00	–	nvd
OpenVAS	Red Hat JBoss Enterprise Application Platform (EAP) <= 4.3.0 Multiple Vulnerabilities	2 Dec 201000:00	–	openvas
OSV	RHSA-2010:0937 Red Hat Security Advisory: JBoss Enterprise Application Platform 4.3.0.CP09 update	15 Sep 202418:39	–	osv
OSV	RHSA-2010:0938 Red Hat Security Advisory: JBoss Enterprise Application Platform 4.3.0.CP09 update	15 Sep 202418:39	–	osv
Prion	Cross site request forgery (csrf)	30 Dec 201021:00	–	prion
Tenable Nessus	RHEL 4 : JBoss EAP (RHSA-2010:0937)	24 Jan 201300:00	–	nessus
Tenable Nessus	RHEL 5 : JBoss Enterprise Application Platform 4.3.0.CP09 update (Important) (RHSA-2010:0938)	24 Jan 201300:00	–	nessus

Vulners

Node

hibernate3 hibernate3Match3.2.4_1.sp1_cp02.0jpp.ep1.1.el4

hibernate3 hibernate3Match3.2.4_1.sp1_cp02.0jpp.ep1.1.el5.1

hibernate3 hibernate3Match3.2.4_1.sp1_cp01.0jpp.ep1.1.el5.1

rh-eap-docs rh-eap-docsMatch4.2.0_3.ga_cp02.ep1.1.el4

rh-eap-docs rh-eap-docsMatch4.2.0_2.cp01.ep1.2.el5

rh-eap-docs rh-eap-docsMatch4.2.0_3.ga_cp02.ep1.1.el5.1

rh-eap-docs rh-eap-docsMatch4.2.0_1.ep1.22.el5

hibernate3-annotations hibernate3-annotationsMatch3.2.1_1.patch02.1jpp.ep1.2.el4

hibernate3-annotations hibernate3-annotationsMatch3.2.1_1.patch02.1jpp.ep1.2.el5.1

hibernate3-annotations hibernate3-annotationsMatch3.2.1_1.patch01.1jpp.ep1.3.el5

jboss-seam2 jboss-seam2Match2.0.2.fp_sec1_1.ep2.7.el4

jboss-seam2 jboss-seam2Match2.0.2.fp_sec1_1.ep2.6.el4

jboss-seam2 jboss-seam2Match2.0.2.fp_sec1_1.ep2.4.el4

jboss-seam2 jboss-seam2Match2.0.2.fp_sec1_1.ep2.7.el5

jboss-seam2 jboss-seam2Match2.0.2.fp_sec1_1.ep2.6.el5

jboss-seam2 jboss-seam2Match2.0.2.fp_sec1_1.ep2.3.el5

jboss-seam jboss-seamMatch1.2.1_1.ep1.3.el4

jboss-seam jboss-seamMatch1.2.1_1.ep1.2.el5

jboss-seam jboss-seamMatch1.2.1_1.ep1.3.el5

jboss-seam jboss-seamMatch1.2.0_1.ap.ep1.19.el5

jbossas jbossasMatch4.0.5_1.el4s1.5

jbossas jbossasMatch4.0.4_1.el4s1.25

jbossas jbossasMatch4.2.0_3.ga_cp02.ep1.3.el4

jbossas jbossasMatch4.0.5_2.cp04.el4s1.2

jbossas jbossasMatch4.0.4_1.el4s1.20

jbossas jbossasMatch4.2.0_6.ga_cp09.11.ep1.el4

jbossas jbossasMatch4.2.0_6.ga_cp09.11.1.ep1.el5

jbossas jbossasMatch4.2.0_4.ga_cp02.ep1.3.el5.3

jbossas jbossasMatch4.2.0_1.ep1.9.el5

jbossas jbossasMatch4.2.0_2.cp01.ep1.3.el5

redhat jbosswebMatch2.0.0_2.cp01.0jpp.ep1.4.el5

redhat jbosswebMatch2.0.0_3.cp05.0jpp.ep1.1.el5

jbossts jbosstsMatch4.2.3_1.sp5.1jpp.ep1.1.el5

quartz quartzMatch1.5.2_1jpp.ep1.5.el5

javassist javassistMatch3.5.0_1jpp.ep1.5.el5.1

xalan-j2 xalan-j2Match2.7.0_13.2.ep5.el5

jgroups jgroupsMatch2.4.1.3_1jpp.ep1.1.el5

jgroups jgroupsMatch2.4.1_1.sp4.0jpp.ep1.2.el5

jboss jboss-remotingMatch2.2.2_3.sp4.0jpp.ep1.1.el5

jboss jboss-remotingMatch2.2.2_1jpp.ep1.5.el5

jboss-common jboss-commonMatch1.2.0_0jpp.ep1.2.el5.2

jboss-common jboss-commonMatch1.2.1_0jpp.ep1.2.el5.1

Source	Link
securitytracker	www.securitytracker.com/id
securitytracker	www.securitytracker.com/id
access	www.access.redhat.com/errata/RHSA-2010:0937
docs	www.docs.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.3/html-single/Release_Notes_CP09/index.html
redhat	www.redhat.com/security/updates/classification/
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
redhat	www.redhat.com/support/errata/RHSA-2010-0937.html
redhat	www.redhat.com/support/errata/RHSA-2010-0937.html
redhat	www.redhat.com/support/errata/RHSA-2010-0938.html

19 Apr 2022 18:25Current

1.7Low risk

Vulners AI Score1.7

CVSS 24.3

EPSS0.00136