
CVE-2015-5188

2015-10-27 16:59:03
CWE-352
redhat
web.nvd.nist.gov
Tags: cve-2015-5188, cross-site request forgery, csrf vulnerability, web console, red hat enterprise application platform, wildfly, remote attackers, authentication hijacking, file upload, security vulnerability

CVSS2: 6.8
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score: 9.4
Confidence: High

EPSS: 0.003
Percentile: 70.4%

Cross-site request forgery (CSRF) vulnerability in the Web Console (web-console) in Red Hat Enterprise Application Platform before 6.4.4 and WildFly (formerly JBoss Application Server) before 2.0.0.CR9 allows remote attackers to hijack the authentication of administrators for requests that make arbitrary changes to an instance via vectors involving a file upload using a multipart/form-data submission.

Affected configurations

Nvd
Node: redhat jboss_enterprise_application_platform, Range 6.4.3
Node: redhat jboss_wildfly_application_server, Range 2.0.0cr8

Vendor | Product | Version | CPE
redhat | jboss_enterprise_application_platform | * | cpe:2.3:a:redhat:jboss_enterprise_application_platform:*:*:*:*:*:*:*:*
redhat | jboss_wildfly_application_server | * | cpe:2.3:a:redhat:jboss_wildfly_application_server:*:cr8:*:*:*:*:*:*
