VDB-107086 · CVE-2015-5182 · Bug 1248809

Red Hat JBoss A-MQ Jolokia API cross-site request forgery

A vulnerability has been found in Red Hat JBoss A-MQ (Application Server Software) (the affected version is unknown) and classified as problematic. This vulnerability affects an unknown function of the component Jolokia API. Upgrading eliminates this vulnerability. A possible mitigation has been published 12 months after the disclosure of the vulnerability.

Field	09/26/2017 09:00 AM	11/19/2019 11:29 AM	01/14/2021 11:55 AM
type	Application Server Software	Application Server Software	Application Server Software
vendor	Red Hat	Red Hat	Red Hat
name	JBoss A-MQ	JBoss A-MQ	JBoss A-MQ
component	Jolokia API	Jolokia API	Jolokia API
cwe	352 (cross site request forgery)	352 (cross site request forgery)	352 (cross site request forgery)
risk	1	1	1
cvss2_vuldb_basescore	4.3	4.3	4.3
cvss2_vuldb_tempscore	3.7	3.7	3.7
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	M	M	M
cvss2_vuldb_au	N	N	N
cvss2_vuldb_ci	N	N	N
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	N	N	N
cvss2_nvd_av	N	N	N
cvss2_nvd_ac	M	M	M
cvss2_nvd_au	N	N	N
cvss2_nvd_ci	P	P	P
cvss2_nvd_ii	P	P	P
cvss2_nvd_ai	P	P	P
cvss3_meta_basescore	6.5	6.5	6.5
cvss3_meta_tempscore	6.2	6.2	6.2
cvss3_vuldb_basescore	4.3	4.3	4.3
cvss3_vuldb_tempscore	4.1	4.1	4.1
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	N	N	N
cvss3_vuldb_ui	R	R	R
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	N	N	N
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	N	N	N
cvss3_nvd_av	N	N	N
cvss3_nvd_ac	L	L	L
cvss3_nvd_pr	N	N	N
cvss3_nvd_ui	R	R	R
cvss3_nvd_s	U	U	U
cvss3_nvd_c	H	H	H
cvss3_nvd_i	H	H	H
cvss3_nvd_a	H	H	H
date	1506297600 (09/25/2017)	1506297600 (09/25/2017)	1506297600 (09/25/2017)
location	Bugzilla	Bugzilla	Bugzilla
type	Bug Report	Bug Report	Bug Report
url	https://bugzilla.redhat.com/show_bug.cgi?id=1248809	https://bugzilla.redhat.com/show_bug.cgi?id=1248809	https://bugzilla.redhat.com/show_bug.cgi?id=1248809
identifier	Bug 1248809	Bug 1248809	Bug 1248809
price_0day	$5k-$25k	$5k-$25k	$5k-$25k
cve	CVE-2015-5182	CVE-2015-5182	CVE-2015-5182
cve_assigned	1435708800	1435708800	1435708800
cve_nvd_published	1506297600	1506297600	1506297600
cve_nvd_summary	Cross-site request forgery (CSRF) vulnerability in the jolokia API in A-MQ.	Cross-site request forgery (CSRF) vulnerability in the jolokia API in A-MQ.	Cross-site request forgery (CSRF) vulnerability in the jolokia API in A-MQ.
nessus_risk	High	High	High
nessus_type	remote	remote	remote
nessus_date	1535587200 (08/30/2018)	1535587200 (08/30/2018)	1535587200 (08/30/2018)
seealso	13086 100137 108021 108782 125248 137950	13086 100137 108021 108782 125248 137950	13086 100137 108021 108782 125248 137950
cvss2_vuldb_e	ND	ND	ND
cvss2_vuldb_rl	OF	OF	OF
cvss2_vuldb_rc	ND	ND	ND
cvss3_vuldb_e	X	X	X
cvss3_vuldb_rl	O	O	O
cvss3_vuldb_rc	X	X	X
reaction_days	315	315	315
0day_days	788	788	788
exposure_days	315	315	315
cvss3_nvd_basescore	8.8	8.8	8.8
discoverydate		1438214400	1438214400
confirm_url		https://bugzilla.redhat.com/show_bug.cgi?id=1248809	https://bugzilla.redhat.com/show_bug.cgi?id=1248809
name		Upgrade	Upgrade
date		1533513600 (08/06/2018)	1533513600 (08/06/2018)
securityfocus		67121	67121
nessus_id		112192	112192
nessus_name		Apache ActiveMQ 5.x < 5.15.5 Multiple Vulnerabilities	Apache ActiveMQ 5.x < 5.15.5 Multiple Vulnerabilities
nessus_filename		activemq_5_15_5.nasl	activemq_5_15_5.nasl
nessus_family		CGI abuses	CGI abuses
person_name			Rene Gielen
securityfocus_date			1398722400 (04/29/2014)
securityfocus_class			Design Error
cvss2_nvd_basescore			6.8

◂ Previous Overview Next ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!