CVE-2015-5188

Impact: Moderate
Public Date: 2015-10-15
CWE: CWE-352
Bugzilla: 1252885 (CVE-2015-5188 JBoss EAP: CSRF vulnerability in EAP & WildFly Web Console)
It was discovered that the EAP Web Console was vulnerable to Cross-Site Request Forgery (CSRF) when a file was uploaded using a multipart/form-data submission. An attacker could use this flaw, by forging such a request so that it is submitted by an authenticated user, to make changes to the authenticated instance.

Find out more about CVE-2015-5188 from the MITRE CVE dictionary and NIST NVD.

CVSS v2 metrics

Base Score: 5.1
Base Metrics: AV:N/AC:H/Au:N/C:P/I:P/A:P
Access Vector: Network
Access Complexity: High
Authentication: None
Confidentiality Impact: Partial
Integrity Impact: Partial
Availability Impact: Partial

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform                                                                            Errata          Release Date
Red Hat JBoss Enterprise Application Platform 6.3 for RHEL 7 Server                 RHSA-2015:1906  2015-10-15
Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server (jboss-ec2-eap)   RHSA-2015:1907  2015-10-15
Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server                   RHSA-2015:1905  2015-10-15
Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server                   RHSA-2015:1904  2015-10-15

Affected Packages State

Platform                            Package   State
Red Hat JBoss Operations Network 3  wildfly   Will not fix
Red Hat JBoss Data Grid 6           wildfly   Will not fix

Acknowledgements

This issue was discovered by Jason Greene of the Red Hat Middleware Engineering Team.
