CVE-2014-0168

Jolokia < 1.2.1 - Cross-Site Request Forgery via MBeans Method Execution

Title source: llm
STIX 2.1

Description

Cross-site request forgery (CSRF) vulnerability in Jolokia before 1.2.1 allows remote attackers to hijack the authentication of users for requests that execute MBeans methods via a crafted web page.

References (2)

Core 2
Core References
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-1351.html

Scores

EPSS 0.0074
EPSS Percentile 50.2%

Details

CWE
CWE-352
Status published
Products (15)
jolokia/jolokia 1.0.0
jolokia/jolokia 1.0.1
jolokia/jolokia 1.0.2
jolokia/jolokia 1.0.3
jolokia/jolokia 1.0.4
jolokia/jolokia 1.0.5
jolokia/jolokia 1.0.6
jolokia/jolokia 1.1.0
jolokia/jolokia 1.1.1
jolokia/jolokia 1.1.2
... and 5 more
Published Oct 06, 2014
Tracked Since Feb 18, 2026