CSRF Vulnerability in JBoss Application Server Management Console
CVE-2011-3609

6.5MEDIUM

Key Information:

Vendor

JBoss Application Server

Status
JBoss Application Server
Vendor
CVE Published:
26 November 2019

What is CVE-2011-3609?

A Cross-Site Request Forgery (CSRF) vulnerability exists in JBoss Application Server versions prior to 7.1.0, allowing attackers to exploit insufficient access controls in the management console. If an authenticated user with administrative privileges unknowingly visits a maliciously crafted web page, it can lead to unauthorized access to sensitive management console data. This occurs due to a lack of proper restrictions on the Access-Control-Allow-Origin HTTP header, which could facilitate information leakage without the user's consent.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

JBoss Application Server 7 before 7.1.0

References

https://security-tracker.debian.org/tracker/CVE-2011-3609
x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3609
x_refsource_MISC
https://access.redhat.com/security/cve/cve-2011-3609
x_refsource_MISC

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.