Cross-Site Request Forgery Vulnerability in WSO2 Identity Server
CVE-2016-4311

8.8HIGH

Key Information:

Vendor

Wso2

Status
Identity Server
Vendor
CVE Published:
17 February 2017

What is CVE-2016-4311?

The vulnerability allows remote attackers to exploit the XACML flow feature in WSO2 Identity Server version 5.1.0, enabling them to hijack the authentication of privileged users. This occurs through crafted requests that process XACML actions, specifically targeting the entitlement/eval-policy-submit.jsp endpoint. If successful, attackers may perform unauthorized actions on behalf of the victim user, potentially compromising sensitive data and access controls.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://www.exploit-db.com/exploits/40239/
exploitx_refsource_EXPLOIT-DB
http://www.securityfocus.com/archive/1/539199/100/0/threaded
mailing-listx_refsource_BUGTRAQ
http://www.securityfocus.com/bid/92485
vdb-entryx_refsource_BID

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.