CVE-2014-0168
Jolokia < 1.2.1 - Cross-Site Request Forgery via MBeans Method Execution
Title source: llmDescription
Cross-site request forgery (CSRF) vulnerability in Jolokia before 1.2.1 allows remote attackers to hijack the authentication of users for requests that execute MBeans methods via a crafted web page.
References (2)
Core 2
Core References
Exploit x_refsource_confirm
https://github.com/rhuss/jolokia/commit/2d9b168cfbbf5a6d16fa6e8a5b34503e3dc42364
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-1351.html
Scores
EPSS
0.0074
EPSS Percentile
50.2%
Details
CWE
CWE-352
Status
published
Products (15)
jolokia/jolokia
1.0.0
jolokia/jolokia
1.0.1
jolokia/jolokia
1.0.2
jolokia/jolokia
1.0.3
jolokia/jolokia
1.0.4
jolokia/jolokia
1.0.5
jolokia/jolokia
1.0.6
jolokia/jolokia
1.1.0
jolokia/jolokia
1.1.1
jolokia/jolokia
1.1.2
... and 5 more
Published
Oct 06, 2014
Tracked Since
Feb 18, 2026