Red Hat JBoss A-MQ Jolokia API cross-site request forgery


A vulnerability has been found in Red Hat JBoss A-MQ (Application Server Software) (the affected version is unknown) and classified as problematic. This vulnerability affects an unknown function of the component Jolokia API. Upgrading eliminates this vulnerability. A possible mitigation has been published 12 months after the disclosure of the vulnerability.

| Field | 09/26/2017 09:00 AM | 11/19/2019 11:29 AM | 01/14/2021 11:55 AM |
| --- | --- | --- | --- |
| type | Application Server Software | Application Server Software | Application Server Software |
| vendor | Red Hat | Red Hat | Red Hat |
| name | JBoss A-MQ | JBoss A-MQ | JBoss A-MQ |
| component | Jolokia API | Jolokia API | Jolokia API |
| cwe | 352 (cross site request forgery) | 352 (cross site request forgery) | 352 (cross site request forgery) |
| risk | 1 | 1 | 1 |
| cvss2_vuldb_basescore | 4.3 | 4.3 | 4.3 |
| cvss2_vuldb_tempscore | 3.7 | 3.7 | 3.7 |
| cvss2_vuldb_av | N | N | N |
| cvss2_vuldb_ac | M | M | M |
| cvss2_vuldb_au | N | N | N |
| cvss2_vuldb_ci | N | N | N |
| cvss2_vuldb_ii | P | P | P |
| cvss2_vuldb_ai | N | N | N |
| cvss2_nvd_av | N | N | N |
| cvss2_nvd_ac | M | M | M |
| cvss2_nvd_au | N | N | N |
| cvss2_nvd_ci | P | P | P |
| cvss2_nvd_ii | P | P | P |
| cvss2_nvd_ai | P | P | P |
| cvss3_meta_basescore | 6.5 | 6.5 | 6.5 |
| cvss3_meta_tempscore | 6.2 | 6.2 | 6.2 |
| cvss3_vuldb_basescore | 4.3 | 4.3 | 4.3 |
| cvss3_vuldb_tempscore | 4.1 | 4.1 | 4.1 |
| cvss3_vuldb_av | N | N | N |
| cvss3_vuldb_ac | L | L | L |
| cvss3_vuldb_pr | N | N | N |
| cvss3_vuldb_ui | R | R | R |
| cvss3_vuldb_s | U | U | U |
| cvss3_vuldb_c | N | N | N |
| cvss3_vuldb_i | L | L | L |
| cvss3_vuldb_a | N | N | N |
| cvss3_nvd_av | N | N | N |
| cvss3_nvd_ac | L | L | L |
| cvss3_nvd_pr | N | N | N |
| cvss3_nvd_ui | R | R | R |
| cvss3_nvd_s | U | U | U |
| cvss3_nvd_c | H | H | H |
| cvss3_nvd_i | H | H | H |
| cvss3_nvd_a | H | H | H |
| date | 1506297600 (09/25/2017) | 1506297600 (09/25/2017) | 1506297600 (09/25/2017) |
| location | Bugzilla | Bugzilla | Bugzilla |
| type | Bug Report | Bug Report | Bug Report |
| url | https://bugzilla.redhat.com/show_bug.cgi?id=1248809 | https://bugzilla.redhat.com/show_bug.cgi?id=1248809 | https://bugzilla.redhat.com/show_bug.cgi?id=1248809 |
| identifier | Bug 1248809 | Bug 1248809 | Bug 1248809 |
| price_0day | $5k-$25k | $5k-$25k | $5k-$25k |
| cve | CVE-2015-5182 | CVE-2015-5182 | CVE-2015-5182 |
| cve_assigned | 1435708800 | 1435708800 | 1435708800 |
| cve_nvd_published | 1506297600 | 1506297600 | 1506297600 |
| cve_nvd_summary | Cross-site request forgery (CSRF) vulnerability in the jolokia API in A-MQ. | Cross-site request forgery (CSRF) vulnerability in the jolokia API in A-MQ. | Cross-site request forgery (CSRF) vulnerability in the jolokia API in A-MQ. |
| nessus_risk | High | High | High |
| nessus_type | remote | remote | remote |
| nessus_date | 1535587200 (08/30/2018) | 1535587200 (08/30/2018) | 1535587200 (08/30/2018) |
| seealso | 13086 100137 108021 108782 125248 137950 | 13086 100137 108021 108782 125248 137950 | 13086 100137 108021 108782 125248 137950 |
| cvss2_vuldb_e | ND | ND | ND |
| cvss2_vuldb_rl | OF | OF | OF |
| cvss2_vuldb_rc | ND | ND | ND |
| cvss3_vuldb_e | X | X | X |
| cvss3_vuldb_rl | O | O | O |
| cvss3_vuldb_rc | X | X | X |
| reaction_days | 315 | 315 | 315 |
| 0day_days | 788 | 788 | 788 |
| exposure_days | 315 | 315 | 315 |
| cvss3_nvd_basescore | 8.8 | 8.8 | 8.8 |
| discoverydate | | 1438214400 | 1438214400 |
| confirm_url | | https://bugzilla.redhat.com/show_bug.cgi?id=1248809 | https://bugzilla.redhat.com/show_bug.cgi?id=1248809 |
| name | | Upgrade | Upgrade |
| date | | 1533513600 (08/06/2018) | 1533513600 (08/06/2018) |
| securityfocus | | 67121 | 67121 |
| nessus_id | | 112192 | 112192 |
| nessus_name | | Apache ActiveMQ 5.x < 5.15.5 Multiple Vulnerabilities | Apache ActiveMQ 5.x < 5.15.5 Multiple Vulnerabilities |
| nessus_filename | | activemq_5_15_5.nasl | activemq_5_15_5.nasl |
| nessus_family | | CGI abuses | CGI abuses |
| person_name | | | Rene Gielen |
| securityfocus_date | | | 1398722400 (04/29/2014) |
| securityfocus_class | | | Design Error |
| cvss2_nvd_basescore | | | 6.8 |
