PT-2019-8770 · Jolokia · Jolokia

Laura Pardo

Publicado

2019-08-01

Atualizado

2022-05-24

CVE-2018-10899

CVSS v3.1

8.1

Alta

Vetor

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Jolokia versions 1.2 through 1.6.0

Description A flaw in the software makes it vulnerable to a system-wide CSRF attack, even in properly configured instances with strict checking for origin and referrer headers. This could potentially result in a Remote Code Execution attack.

Recommendations For Jolokia versions 1.2 through 1.6.0, update to version 1.6.1 or later to resolve the issue.

Correção

RCE

CSRF

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20CWE-352

Identificadores relacionados

CVE-2018-10899

GHSA-XCXF-7Q4P-CJ26

Produtos afetados

Jolokia

PT-2019-8770 · Jolokia · Jolokia

CVE-2018-10899

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 21