
CVE-2018-10899 – jolokia: system-wide CSRF that could lead to Remote Code Execution
https://notcve.org/view.php?id=CVE-2018-10899
01 Aug 2019 — A flaw was found in Jolokia versions from 1.2 to before 1.6.1. Affected versions are vulnerable to a system-wide CSRF. This holds true for properly configured instances with strict checking for origin and referrer headers. This could result in a Remote Code Execution attack. • https://access.redhat.com/errata/RHSA-2019:2413 • CWE-20: Improper Input Validation • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2018-1000129 – jolokia: Cross site scripting in the HTTP servlet
https://notcve.org/view.php?id=CVE-2018-1000129
14 Mar 2018 — An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP servlet that allows an attacker to execute malicious JavaScript in the victim's browser. Red Hat Fuse provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat A-MQ is a standards comp... • https://access.redhat.com/errata/RHSA-2018:2669 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2014-0168 – Jolokia: cross-site request forgery (CSRF)
https://notcve.org/view.php?id=CVE-2014-0168
02 Oct 2014 — Cross-site request forgery (CSRF) vulnerability in Jolokia before 1.2.1 allows remote attackers to hijack the authentication of users for requests that execute MBeans methods via a crafted web page. It was found that Jolokia was vulnerable to Cross-Site Request Forgery (CSRF) attacks. A remote attacker could... • http://rhn.redhat.com/errata/RHSA-2014-1351.html • CWE-352: Cross-Site Request Forgery (CSRF)