CVE-2015-5188

CWE-352 — Cross-Site Request Forgery (CSRF)6 documents6 sources

Severity

6.8MEDIUM

EPSS

0.3%

top 43.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Jboss Enterprise Application Platform Redhat Jboss Wildfly Application Server

Timeline

PublishedOct 27

Latest updateMay 17

Description

Cross-site request forgery (CSRF) vulnerability in the Web Console (web-console) in Red Hat Enterprise Application Platform before 6.4.4 and WildFly (formerly JBoss Application Server) before 2.0.0.CR9 allows remote attackers to hijack the authentication of administrators for requests that make arbitrary changes to an instance via vectors involving a file upload using a multipart/form-data submission.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

▶NVDredhat/jboss_enterprise_application_platform6.4.3

▶NVDredhat/jboss_wildfly_application_server2.0.0

🔴Vulnerability Details

GHSA

GHSA-c2j4-9xj5-q5rr: Cross-site request forgery (CSRF) vulnerability in the Web Console (web-console) in Red Hat Enterprise Application Platform before 6↗2022-05-17

▶

CVEList

CVE-2015-5188: Cross-site request forgery (CSRF) vulnerability in the Web Console (web-console) in Red Hat Enterprise Application Platform before 6↗2015-10-27

▶

VulnCheck

Red Hat JBoss Application Server Cross-Site Request Forgery (CSRF)↗2015

▶

📋Vendor Advisories

Red Hat

EAP: CSRF vulnerability in EAP & WildFly Web Console↗2015-10-15

▶

💬Community

Bugzilla

CVE-2015-5188 JBoss EAP: CSRF vulnerability in EAP & WildFly Web Console↗2015-08-12

▶