← Back

CVE-2011-3609

nvd nist
Published: Nov 26, 2019Modified: Nov 21, 2024

JSON object

Loading...
6.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Exploitability: 2.8 / Impact: 3.6
Source: NVD

Description

A CSRF issue was found in JBoss Application Server 7 before 7.1.0. JBoss did not properly restrict access to the management console information (for example via the "Access-Control-Allow-Origin" HTTP access control flag). This can lead to unauthorized information leak if a user with admin privileges visits a specially-crafted web page provided by a remote attacker.

Affected (8)

Redhat
1 product
Jboss Application Server
Configuration A
8 vulnerable
Vulnerable SoftwareAffected Versions
Redhat
Jboss Application Server
Version 7.0.0
Jboss Application Server
Version 7.0.0 alpha1
Jboss Application Server
Version 7.0.0 beta1
Jboss Application Server
Version 7.0.0 beta2
Jboss Application Server
Version 7.0.0 beta3
Jboss Application Server
Version 7.0.0 cr1
Jboss Application Server
Version 7.0.1
Jboss Application Server
Version 7.0.2

Related CWEs

CWE-352
Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (8)

Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Issue TrackingThird Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry

Timeline

No history available yet.