CVE-2010-3878: CSRF
First published: Wed Jun 16 2010(Updated: )
Cross-site request forgery (CSRF) vulnerability in the JMX Console in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 before 4.3.0.CP09 allows remote attackers to hijack the authentication of administrators for requests that deploy WAR files.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| JBoss Enterprise Application Platform | =4.3.0-cp06 | |
| JBoss Enterprise Application Platform | =4.3.0 | |
| JBoss Enterprise Application Platform | =4.3.0-cp01 | |
| JBoss Enterprise Application Platform | =4.3.0-cp04 | |
| JBoss Enterprise Application Platform | =4.3.0-cp07 | |
| JBoss Enterprise Application Platform | =4.3.0-cp03 | |
| JBoss Enterprise Application Platform | =4.3.0-cp02 | |
| JBoss Enterprise Application Platform | =4.3.0-cp08 | |
| JBoss Enterprise Application Platform | =4.3.0-cp05 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=604617
- http://www.redhat.com/support/errata/RHSA-2010-0937.html
- http://securitytracker.com/id?1024813
- http://www.redhat.com/support/errata/RHSA-2010-0938.html
- http://www.redhat.com/support/errata/RHSA-2010-0939.html
- https://rhn.redhat.com/errata/RHSA-2010-0937.html
- https://rhn.redhat.com/errata/RHSA-2010-0938.html
- https://rhn.redhat.com/errata/RHSA-2010-0939.html
- https://access.redhat.com/security/cve/CVE-2011-2908
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=730176
Frequently Asked Questions
What is the severity of CVE-2010-3878?
CVE-2010-3878 is classified as a high severity vulnerability due to its potential to allow unauthorized administrator access.
How do I mitigate CVE-2010-3878?
To mitigate CVE-2010-3878, it's recommended to upgrade to Red Hat JBoss Enterprise Application Platform 4.3.0.CP09 or later.
What type of vulnerability is CVE-2010-3878?
CVE-2010-3878 is a cross-site request forgery (CSRF) vulnerability.
Which versions of JBoss EAP are affected by CVE-2010-3878?
CVE-2010-3878 affects various versions of Red Hat JBoss Enterprise Application Platform 4.3.0, including CP01 to CP08.
Can CVE-2010-3878 lead to remote attacks?
Yes, CVE-2010-3878 allows remote attackers to hijack administrator authentication, potentially leading to unauthorized actions.
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/last-modified-date
- agent/author
- agent/description
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2010-3878
- agent/trending
- agent/source
- agent/weakness
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/redhat
- canonical/jboss enterprise application platform
- version/jboss enterprise application platform/4.3.0-cp06
- version/jboss enterprise application platform/4.3.0
- version/jboss enterprise application platform/4.3.0-cp01
- version/jboss enterprise application platform/4.3.0-cp04
- version/jboss enterprise application platform/4.3.0-cp07
- version/jboss enterprise application platform/4.3.0-cp03
- version/jboss enterprise application platform/4.3.0-cp02
- version/jboss enterprise application platform/4.3.0-cp08
- version/jboss enterprise application platform/4.3.0-cp05