CVE-2011-3609

Name of the Vulnerable Software and Affected Versions JBoss Application Server versions prior to 7.1.0

Description A CSRF issue was found in JBoss Application Server, where it did not properly restrict access to the management console information. This can be exploited via the Access-Control-Allow-Origin HTTP access control flag, potentially leading to unauthorized information leak if a user with admin privileges visits a specially-crafted web page provided by a remote attacker.

Recommendations For JBoss Application Server versions prior to 7.1.0, update to version 7.1.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the management console to minimize the risk of exploitation.