CVE-2015-5188

EXPLOITED RANSOMWARE

Red Hat JBoss Enterprise Application Platform < 6.4.4 and WildFly < 2.0.0 - Cross-Site Request Forgery via File Upload

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2015-5188 has been observed exploited in the wild (reported by VulnCheck KEV), including in ransomware campaigns.

Description

Cross-site request forgery (CSRF) vulnerability in the Web Console (web-console) in Red Hat Enterprise Application Platform before 6.4.4 and WildFly (formerly JBoss Application Server) before 2.0.0.CR9 allows remote attackers to hijack the authentication of administrators for requests that make arbitrary changes to an instance via vectors involving a file upload using a multipart/form-data submission.

References (8)

Core 8
Core References
Vendor Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1252885
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-1905.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-1904.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-1908.html
Vendor Advisory x_refsource_confirm
https://issues.jboss.org/browse/WFCORE-594
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-1907.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1033859
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-1906.html

Scores

EPSS 0.0114
EPSS Percentile 62.8%

Details

VulnCheck KEV 2016-03-25
Ransomware Use Confirmed
CWE
CWE-352
Status published
Products (2)
redhat/jboss_enterprise_application_platform < 6.4.3
redhat/jboss_wildfly_application_server < 2.0.0
Published Oct 27, 2015
Tracked Since Feb 18, 2026