[jboss-jira] [JBoss JIRA] (JBJMX-115) CSRF vulnerability
David Jorm (JIRA)
issues at jboss.org
Mon May 5 20:54:56 EDT 2014
[ https://issues.jboss.org/browse/JBJMX-115?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
David Jorm resolved JBJMX-115.
------------------------------
Resolution: Won't Fix
This issue is covered by CVE-2011-2908:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2908
A fix is implemented in EAP 5.2.0. AS/WildFly 7 and above are not affected. I do not believe a fix has been applied to the JBoss AS 5 stream, as this is no longer maintained.
> CSRF vulnerability
> ------------------
>
> Key: JBJMX-115
> URL: https://issues.jboss.org/browse/JBJMX-115
> Project: JBoss JMX
> Issue Type: Enhancement
> Reporter: Aurélien Leboulanger
>
> I found no information about a potential remedy of this CSRF vulnerability.
> CVE-2007-1157: Cross-site request forgery (CSRF) vulnerability in jmx-console/HtmlAdaptor in JBoss allows remote attackers to perform privileged actions as administrators via certain MBean operations.
--
This message was sent by Atlassian JIRA
(v6.2.3#6260)