CVE-2015-5188
EXPLOITED RANSOMWARERed Hat JBoss Enterprise Application Platform < 6.4.4 and WildFly < 2.0.0 - Cross-Site Request Forgery via File Upload
Title source: llmExploitation Summary
CVE-2015-5188 has been observed exploited in the wild (reported by VulnCheck KEV), including in ransomware campaigns.
Description
Cross-site request forgery (CSRF) vulnerability in the Web Console (web-console) in Red Hat Enterprise Application Platform before 6.4.4 and WildFly (formerly JBoss Application Server) before 2.0.0.CR9 allows remote attackers to hijack the authentication of administrators for requests that make arbitrary changes to an instance via vectors involving a file upload using a multipart/form-data submission.
References (8)
Core 8
Core References
Vendor Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1252885
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-1905.html
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-1904.html
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-1908.html
Vendor Advisory x_refsource_confirm
https://issues.jboss.org/browse/WFCORE-594
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-1907.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1033859
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-1906.html
Scores
EPSS
0.0114
EPSS Percentile
62.8%
Details
VulnCheck KEV
2016-03-25
Ransomware Use
Confirmed
CWE
CWE-352
Status
published
Products (2)
redhat/jboss_enterprise_application_platform
< 6.4.3
redhat/jboss_wildfly_application_server
< 2.0.0
Published
Oct 27, 2015
Tracked Since
Feb 18, 2026