3 results (0.005 seconds)

CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 0

A flaw was found in Jolokia versions from 1.2 to before 1.6.1. Affected versions are vulnerable to a system-wide CSRF. This holds true for properly configured instances with strict checking for origin and referrer headers. This could result in a Remote Code Execution attack. Se detectó un fallo en Jolokia versiones 1.2 anteriores a 1.6.1. • https://access.redhat.com/errata/RHSA-2019:2413 https://access.redhat.com/errata/RHSA-2019:2804 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10899 https://jolokia.org/changes-report.html#a1.6.1 https://lists.apache.org/thread.html/1392fbebb4fbbec379a40d16e1288fe1e4c0289d257e5206051a3793%40%3Cissues.activemq.apache.org%3E https://lists.apache.org/thread.html/r46f6dbc029f49e1f638c6eb82accb94b7f990d818cb3b3bc0007dd0a%40%3Cissues.activemq.apache.org%3E https://lists.apache.org/thread.html/r64701caec91c43efd7416d6bddef88447371101e00e8562 • CWE-20: Improper Input Validation CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP servlet that allows an attacker to execute malicious javascript in the victim's browser. Existe una vulnerabilidad de Cross-Site Scripting (XSS) en la versión 1.3.7 del agente Jolokia, en el servlet HTTP, que permite que un atacante ejecute JavaScript malicioso en el navegador de la víctima. • https://access.redhat.com/errata/RHSA-2018:2669 https://access.redhat.com/errata/RHSA-2018:3817 https://github.com/rhuss/jolokia/commit/5895d5c137c335e6b473e9dcb9baf748851bbc5f#diff-f19898247eddb55de6400489bff748ad https://jolokia.org/#Security_fixes_with_1.5.0 https://access.redhat.com/security/cve/CVE-2018-1000129 https://bugzilla.redhat.com/show_bug.cgi?id=1559317 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.8EPSS: 0%CPEs: 14EXPL: 1

Cross-site request forgery (CSRF) vulnerability in Jolokia before 1.2.1 allows remote attackers to hijack the authentication of users for requests that execute MBeans methods via a crafted web page. Vulnerabilidad de CSRF en Jolokia anterior a 1.2.1 permite a atacantes remotos secuestrar la autenticación de usuarios para solicitudes que ejecutan métodos MBeans a través de una página web manipulada. It was found that Jolokia was vulnerable to Cross-Site Request Forgery (CSRF) attacks. A remote attacker could provide a specially crafted web page that, when visited by a user logged in to Jolokia, could allow the attacker to execute arbitrary methods on MBeans exposed via JMX. • http://rhn.redhat.com/errata/RHSA-2014-1351.html https://github.com/rhuss/jolokia/commit/2d9b168cfbbf5a6d16fa6e8a5b34503e3dc42364 https://access.redhat.com/security/cve/CVE-2014-0168 https://bugzilla.redhat.com/show_bug.cgi?id=1084838 • CWE-352: Cross-Site Request Forgery (CSRF) •