CVE-2010-3878
DEB
Medium


CVSS: 4.0 (Medium)
EPSS: 0.01 (p54)
Published: 2010-01-01
Updated: 2010-01-01
Description

Cross-site request forgery (CSRF) vulnerability in the JMX Console in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 before 4.3.0.CP09 allows remote attackers to hijack the authentication of administrators for requests that deploy WAR files.

Tags · CWE
CWE-352
CAPEC-62
CAPEC-111
CAPEC-462
CAPEC-467
Affected products
Glassfish-jaxb, Glassfish-jaxb, Glassfish-jaxws, Glassfish-jaxws, Hibernate3, Hibernate3, Hibernate3-annotations, Hibernate3-annotations, Javassist, Javassist, Jboss-common, Jboss-common, Jboss-messaging, Jboss-messaging, Jboss-remoting, Jboss-remoting, Jboss-seam, Jboss-seam, Jboss-seam2, Jboss-seam2
CVSS vector
AV:N/AC:L/Au:S/C:N/I:P/A:N
Timeline
Published: 2010-01-01
Updated: 2010-01-01
CVSS 3.1 breakdown
Attack Vector: AV:N, Network (N)
Attack Complexity: AC:L, Low (L)
Authentication: Au:S, Single
Confidentiality Impact: C:N, None (N)
Integrity Impact: I:P, Partial
Availability Impact: A:N, None (N)
Exploit indicators
EPSS: 0.009 · p54
Known exploited (KEV): No
Known exploits — Сканер-ВС
No Сканер-ВС checks registered for this vulnerability yet.
Affected products
Product                  Vendor   Status
glassfish-jaxb                    Tracked
glassfish-jaxb                    Tracked
glassfish-jaxws                   Tracked
glassfish-jaxws                   Tracked
hibernate3                        Tracked
hibernate3                        Tracked
hibernate3-annotations            Tracked
hibernate3-annotations            Tracked
javassist                         Tracked
javassist                         Tracked
jboss-common                      Tracked
jboss-common                      Tracked
jboss-messaging                   Tracked
jboss-messaging                   Tracked
jboss-remoting                    Tracked
jboss-remoting                    Tracked
jboss-seam                        Tracked
jboss-seam                        Tracked
jboss-seam2                       Tracked
jboss-seam2                       Tracked
Showing first 20 of 42
Source databases
DEB, CVE, RED, UBU