PT-2015-2598 · Red Hat · Wildfly+1
Martin Prpič
·
Published
2015-10-27
·
Updated
2023-02-12
·
CVE-2015-5178
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Red Hat Enterprise Application Platform versions prior to 6.4.4
WildFly (formerly JBoss Application Server) versions prior to 6.4.4
Description
The Management Console in Red Hat Enterprise Application Platform and WildFly does not send an X-Frame-Options HTTP header. Because the browser is never told to refuse framing, a remote attacker can embed the console in a FRAME or IFRAME element of a crafted web page and conduct clickjacking attacks against an administrator who visits that page while logged in. The weakness lies in the security configuration of the console (a missing anti-framing header) rather than in its application logic.
Recommendations
For Red Hat Enterprise Application Platform versions prior to 6.4.4, update to version 6.4.4 or later.
For WildFly (formerly JBoss Application Server) versions prior to 6.4.4, update to version 6.4.4 or later.
As a temporary workaround, configure the Management Console (or a reverse proxy in front of it) to send an X-Frame-Options HTTP header so that browsers refuse to render the console inside a frame.
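The following is an added example, not code from the advisory or from Red Hat/WildFly: a small audit helper that classifies whether an HTTP response restricts framing, so a defender can verify that the workaround above (or the fixed version) actually took effect. The sample response headers are constructed for illustration; the header-name constants and the `csp`/`xfo`/`weak`/`none` verdicts are my own convention.

```python
"""Classify the anti-framing posture of HTTP responses (added example, not vendor code)."""
from typing import Dict, Optional

# Constructed sample responses for a management-console login page (illustrative only).
SAMPLE_RESPONSES: Dict[str, Dict[str, str]] = {
    "unpatched_console": {"Content-Type": "text/html"},                     # no header at all
    "xfo_deny":          {"Content-Type": "text/html", "X-Frame-Options": "DENY"},
    "xfo_sameorigin":    {"x-frame-options": "sameorigin"},                 # case-insensitive
    "xfo_invalid":       {"X-Frame-Options": "ALLOWALL"},                   # not a valid value
    "csp_only":          {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'"},
}


def _get(headers: Dict[str, str], name: str) -> Optional[str]:
    """Case-insensitive header lookup, since HTTP header names are case-insensitive."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def framing_protection(headers: Dict[str, str]) -> str:
    """Return 'csp' if CSP frame-ancestors is set, 'xfo' for a valid X-Frame-Options
    value, 'weak' for an unrecognised X-Frame-Options value (browsers ignore it),
    and 'none' when the response carries no anti-framing header at all."""
    csp = _get(headers, "Content-Security-Policy")
    if csp:
        for directive in csp.split(";"):
            parts = directive.strip().split()
            # frame-ancestors takes precedence over X-Frame-Options in CSP-aware browsers
            if parts and parts[0].lower() == "frame-ancestors":
                return "csp"
    xfo = _get(headers, "X-Frame-Options")
    if xfo is None:
        return "none"
    if xfo.strip().upper() in ("DENY", "SAMEORIGIN"):
        return "xfo"
    # ALLOW-FROM is obsolete and any other token is ignored, leaving the page frameable
    return "weak"


def audit(responses: Dict[str, Dict[str, str]]) -> Dict[str, str]:
    """Map each named response to its framing verdict; 'none' and 'weak' need attention."""
    return {name: framing_protection(hdrs) for name, hdrs in responses.items()}


if __name__ == "__main__":
    for name, verdict in audit(SAMPLE_RESPONSES).items():
        print(f"{name:18s} -> {verdict}")
```

Point the same function at headers captured from a live console response (for example via `urllib.request` or `curl -I`) to confirm the mitigation is in place before and after applying the update.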
Affected products
Red Hat Jboss Enterprise Application Platform
Wildfly