PT-2015-2597 · Red Hat · Wildfly+1

Jason Greene · Published 2015-10-27 · Updated 2023-02-12 · CVE-2015-5188

CVSS v2.0: 6.8 (Medium), Vector AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Red Hat JBoss Enterprise Application Platform versions prior to 6.4.4
WildFly versions prior to 2.0.0.CR9

Description
A cross-site request forgery (CSRF) issue in the Web Console allows remote attackers to hijack the authentication of administrators for requests that make arbitrary changes to an instance. The vector is a file upload submitted as multipart/form-data. Because that is one of the content types an ordinary HTML form can send, a page on an attacker-controlled site can cause an administrator's browser to submit such an upload to the console, and the browser attaches the administrator's existing authenticated session to the forged request. The attacker never learns the administrator's credentials; the request simply executes with the administrator's privileges while the administrator is logged in to the console.

Recommendations
For Red Hat JBoss Enterprise Application Platform versions prior to 6.4.4, update to version 6.4.4 or later. For WildFly versions prior to 2.0.0.CR9, update to version 2.0.0.CR9 or later. As a temporary workaround, restrict access to the Web Console and disable file uploads via multipart/form-data until the patch is applied. Note that restricting network access to the console does not by itself stop CSRF, since the forged request originates from an administrator's own browser; it only narrows which browsers can be abused.

Fix

CSRF

Weakness Enumeration

Related Identifiers

BDU:2015-11962
CVE-2015-5188
RHSA-2015:1904
RHSA-2015:1905
RHSA-2015:1906
RHSA-2015:1907

Affected Products

Red Hat JBoss Enterprise Application Platform
Wildfly