PT-2010-5134 · Red Hat · Red Hat Jboss Enterprise Application Platform

Marc Schoenefeld

Published

2010-12-30

Updated

2010-12-30

CVE-2010-3878

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Red Hat JBoss Enterprise Application Platform versions prior to 4.3.0.CP09

Description A cross-site request forgery (CSRF) issue exists in the JMX Console of the affected software, allowing remote attackers to hijack the authentication of administrators for requests that deploy WAR files.

Recommendations For versions prior to 4.3.0.CP09, update to version 4.3.0.CP09 or later to resolve the issue. As a temporary workaround, consider restricting access to the JMX Console to minimize the risk of exploitation.

Fix

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

CVE-2010-3878

RHSA-2010:0937

RHSA-2010:0938

Affected Products

Red Hat Jboss Enterprise Application Platform

PT-2010-5134 · Red Hat · Red Hat Jboss Enterprise Application Platform

CVE-2010-3878

Weakness Enumeration

Related Identifiers

Affected Products

References · 7