CVE-2010-3878
Red Hat JBoss Enterprise Application Platform 4.3 - Cross-Site Request Forgery in JMX Console
Title source: llmDescription
Cross-site request forgery (CSRF) vulnerability in the JMX Console in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 before 4.3.0.CP09 allows remote attackers to hijack the authentication of administrators for requests that deploy WAR files.
References (5)
Core 5
Core References
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2010-0938.html
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2010-0937.html
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=604617
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2010-0939.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1024813
Scores
EPSS
0.0087
EPSS Percentile
54.6%
Details
CWE
CWE-352
Status
published
Products (1)
redhat/jboss_enterprise_application_platform
4.3.0 (9 CPE variants)
Published
Dec 30, 2010
Tracked Since
Feb 18, 2026