PT-2010-5134 · Red Hat · Red Hat Jboss Enterprise Application Platform

Marc Schoenefeld

Publicado

2010-12-30

Atualizado

2010-12-30

CVE-2010-3878

CVSS v2.0

4.3

Média

Vetor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Red Hat JBoss Enterprise Application Platform versions prior to 4.3.0.CP09

Description A cross-site request forgery (CSRF) issue exists in the JMX Console of the affected software, allowing remote attackers to hijack the authentication of administrators for requests that deploy WAR files.

Recommendations For versions prior to 4.3.0.CP09, update to version 4.3.0.CP09 or later to resolve the issue. As a temporary workaround, consider restricting access to the JMX Console to minimize the risk of exploitation.

Correção

CSRF

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-352

Identificadores relacionados

CVE-2010-3878

RHSA-2010:0937

RHSA-2010:0938

Produtos afetados

Red Hat Jboss Enterprise Application Platform

PT-2010-5134 · Red Hat · Red Hat Jboss Enterprise Application Platform

CVE-2010-3878

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7