CVE-2010-3878 — Cross-Site Request Forgery in Redhat Jboss Enterprise Application Platform

CWE-352 — Cross-Site Request Forgery6 documents6 sources

Severity

4.3MEDIUMNVD

EPSS

0.1%

top 66.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Jboss Enterprise Application Platform

Timeline

PublishedDec 30

Latest updateMay 17

Description

Cross-site request forgery (CSRF) vulnerability in the JMX Console in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 before 4.3.0.CP09 allows remote attackers to hijack the authentication of administrators for requests that deploy WAR files.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDredhat/jboss_enterprise_application_platform4.3.0

🔴Vulnerability Details

GHSA

GHSA-m98g-p242-2jrr: Cross-site request forgery (CSRF) vulnerability in the JMX Console in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4↗2022-05-17

▶

CVEList

CVE-2010-3878: Cross-site request forgery (CSRF) vulnerability in the JMX Console in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4↗2010-12-30

▶

💥Exploits & PoCs

Exploit-DB

Ultra Shareware Office Control - ActiveX HttpUpload Buffer Overflow (Metasploit)↗2010-09-20

▶

📋Vendor Advisories

Red Hat

JBoss EAP jmx console FileDeployment CSRF↗2010-06-15

▶

💬Community

Bugzilla

CVE-2010-3878 JBoss EAP jmx console FileDeployment CSRF↗2010-06-16

▶