CVE-2015-5188
N/A
N/A
Summary
Cross-site request forgery (CSRF) vulnerability in the Web Console (web-console) in Red Hat Enterprise Application Platform before 6.4.4 and WildFly (formerly JBoss Application Server) before 2.0.0.CR9 allows remote attackers to hijack the authentication of administrators for requests that make arbitrary changes to an instance via vectors involving a file upload using a multipart/form-data submission.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://bugzilla.redhat.com/show_bug.cgi?id=1252885
- http://rhn.redhat.com/errata/RHSA-2015-1905.html
- http://rhn.redhat.com/errata/RHSA-2015-1904.html
- http://rhn.redhat.com/errata/RHSA-2015-1908.html
- https://issues.jboss.org/browse/WFCORE-594
- http://rhn.redhat.com/errata/RHSA-2015-1907.html
- http://www.securitytracker.com/id/1033859
- http://rhn.redhat.com/errata/RHSA-2015-1906.html
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1252885
- http://rhn.redhat.com/errata/RHSA-2015-1905.html
- http://rhn.redhat.com/errata/RHSA-2015-1904.html
- http://rhn.redhat.com/errata/RHSA-2015-1908.html
- https://issues.jboss.org/browse/WFCORE-594
- http://rhn.redhat.com/errata/RHSA-2015-1907.html
- http://www.securitytracker.com/id/1033859
- http://rhn.redhat.com/errata/RHSA-2015-1906.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.