CVE-2010-3878

Red Hat JBoss Enterprise Application Platform 4.3 - Cross-Site Request Forgery in JMX Console

Title source: llm
STIX 2.1

Description

Cross-site request forgery (CSRF) vulnerability in the JMX Console in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 before 4.3.0.CP09 allows remote attackers to hijack the authentication of administrators for requests that deploy WAR files.

References (5)

Core 5
Core References
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2010-0938.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2010-0937.html
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=604617
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2010-0939.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1024813

Scores

EPSS 0.0087
EPSS Percentile 54.6%

Details

CWE
CWE-352
Status published
Products (1)
redhat/jboss_enterprise_application_platform 4.3.0 (9 CPE variants)
Published Dec 30, 2010
Tracked Since Feb 18, 2026