CVE-2014-0168

CVSS v2.0 6.8 (Medium)

EPSS 0.18 % (56^th)

Affected Products 1

Advisories 1

Cross-site request forgery (CSRF) vulnerability in Jolokia before 1.2.1 allows remote attackers to hijack the authentication of users for requests that execute MBeans methods via a crafted web page.

Weaknesses

CWE-352: Cross-Site Request Forgery (CSRF)

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2014-10-06 14:55:08
(10 years ago)
Updated Date: 2014-10-07 15:20:13
(10 years ago)

Affected Products

Jolokia

Jolokia

Configuration #1

	CPE23	Up To
Jolokia 1.2.0 and prior versions	cpe:2.3:a:jolokia:jolokia	<= 1.2.0
Jolokia 1.0.0	cpe:2.3:a:jolokia:jolokia:1.0.0
Jolokia 1.0.1	cpe:2.3:a:jolokia:jolokia:1.0.1
Jolokia 1.0.2	cpe:2.3:a:jolokia:jolokia:1.0.2
Jolokia 1.0.3	cpe:2.3:a:jolokia:jolokia:1.0.3
Jolokia 1.0.4	cpe:2.3:a:jolokia:jolokia:1.0.4
Jolokia 1.0.5	cpe:2.3:a:jolokia:jolokia:1.0.5
Jolokia 1.0.6	cpe:2.3:a:jolokia:jolokia:1.0.6
Jolokia 1.1.0	cpe:2.3:a:jolokia:jolokia:1.1.0
Jolokia 1.1.1	cpe:2.3:a:jolokia:jolokia:1.1.1
Jolokia 1.1.2	cpe:2.3:a:jolokia:jolokia:1.1.2
Jolokia 1.1.3	cpe:2.3:a:jolokia:jolokia:1.1.3
Jolokia 1.1.4	cpe:2.3:a:jolokia:jolokia:1.1.4
Jolokia 1.1.5	cpe:2.3:a:jolokia:jolokia:1.1.5