what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 5 of 5 RSS Feed

CVE-2015-5188

Status Candidate

Overview

Cross-site request forgery (CSRF) vulnerability in the Web Console (web-console) in Red Hat Enterprise Application Platform before 6.4.4 and WildFly (formerly JBoss Application Server) before 2.0.0.CR9 allows remote attackers to hijack the authentication of administrators for requests that make arbitrary changes to an instance via vectors involving a file upload using a multipart/form-data submission.

Related Files

Red Hat Security Advisory 2015-1908-01
Posted Oct 18, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1908-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was discovered that sending requests containing large headers to the Web Console produced a Java OutOfMemoryError in the HTTP management interface. An attacker could use this flaw to cause a denial of service. It was discovered that the EAP Management Console could be opened in an IFRAME, which made it possible to intercept and manipulate requests. An attacker could use this flaw to trick a user into performing arbitrary actions in the Console.

tags | advisory, java, web, denial of service, arbitrary
systems | linux, redhat
advisories | CVE-2015-5178, CVE-2015-5188, CVE-2015-5220
SHA-256 | c44927f86da770a4d9e1517bb9ee548d5e371862766c0daf3935aff11a71d79e
Red Hat Security Advisory 2015-1906-01
Posted Oct 16, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1906-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was discovered that sending requests containing large headers to the Web Console produced a Java OutOfMemoryError in the HTTP management interface. An attacker could use this flaw to cause a denial of service. It was discovered that the EAP Management Console could be opened in an IFRAME, which made it possible to intercept and manipulate requests. An attacker could use this flaw to trick a user into performing arbitrary actions in the Console.

tags | advisory, java, web, denial of service, arbitrary
systems | linux, redhat
advisories | CVE-2015-5178, CVE-2015-5188, CVE-2015-5220
SHA-256 | e40396353698fb455ec494d73e9849da2cf5495760a4994715917a2923320a40
Red Hat Security Advisory 2015-1907-01
Posted Oct 16, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1907-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was discovered that sending requests containing large headers to the Web Console produced a Java OutOfMemoryError in the HTTP management interface. An attacker could use this flaw to cause a denial of service. It was discovered that the EAP Management Console could be opened in an IFRAME, which made it possible to intercept and manipulate requests. An attacker could use this flaw to trick a user into performing arbitrary actions in the Console.

tags | advisory, java, web, denial of service, arbitrary
systems | linux, redhat
advisories | CVE-2015-5178, CVE-2015-5188, CVE-2015-5220
SHA-256 | eb927aee644dfa05c9e682753edffe2f99a92f01c18d732cc2610d84730383f9
Red Hat Security Advisory 2015-1905-01
Posted Oct 15, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1905-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was discovered that sending requests containing large headers to the Web Console produced a Java OutOfMemoryError in the HTTP management interface. An attacker could use this flaw to cause a denial of service. It was discovered that the EAP Management Console could be opened in an IFRAME, which made it possible to intercept and manipulate requests. An attacker could use this flaw to trick a user into performing arbitrary actions in the Console.

tags | advisory, java, web, denial of service, arbitrary
systems | linux, redhat
advisories | CVE-2015-5178, CVE-2015-5188, CVE-2015-5220
SHA-256 | eb89c322dc05195d96293e7b3bd6a45b4ccccfc51fd47a2b7459b5426241ae07
Red Hat Security Advisory 2015-1904-01
Posted Oct 15, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1904-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was discovered that sending requests containing large headers to the Web Console produced a Java OutOfMemoryError in the HTTP management interface. An attacker could use this flaw to cause a denial of service. It was discovered that the EAP Management Console could be opened in an IFRAME, which made it possible to intercept and manipulate requests. An attacker could use this flaw to trick a user into performing arbitrary actions in the Console.

tags | advisory, java, web, denial of service, arbitrary
systems | linux, redhat
advisories | CVE-2015-5178, CVE-2015-5188, CVE-2015-5220
SHA-256 | 7b54a9054616b3b919e4de2504b70a27a7eb58995a4d8000629e3621f0203efa
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close