CVE-2018-1000129
jolokia: Cross site scripting in the HTTP servlet
Descriptions
An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP servlet that allows an attacker to execute malicious JavaScript in the victim's browser.
Red Hat Fuse provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat A-MQ is a standards compliant messaging system that is tailored for use in mission critical applications. This patch is an update to Red Hat Fuse 6.3 and Red Hat A-MQ 6.3. It includes bug fixes, which are documented in the patch notes accompanying the package on the download page. See the download link given in the references section below. Security fix: Issues addressed include a cross site scripting vulnerability.
Timeline
- 2018-03-14 CVE Reserved
- 2018-03-14 CVE Published
- 2024-08-05 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
References (6)
URL | Date | SRC |
---|---|---|
https://github.com/rhuss/jolokia/commit/5895d5c137c335e6b473e9dcb9baf748851bbc5f#diff-f19898247eddb55de6400489bff748ad | 2019-03-07 | |
https://access.redhat.com/errata/RHSA-2018:2669 | 2019-03-07 | |
https://access.redhat.com/errata/RHSA-2018:3817 | 2019-03-07 | |
https://jolokia.org/#Security_fixes_with_1.5.0 | 2019-03-07 | |
https://access.redhat.com/security/cve/CVE-2018-1000129 | 2018-12-11 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1559317 | 2018-12-11 | |