First published: Wed Mar 05 2014
Cross-site request forgery (CSRF) vulnerability in the admin terminal in Hawt.io allows remote attackers to hijack the authentication of arbitrary users for requests that run commands on the Karaf server, as demonstrated by running "shutdown -f".
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Red Hat Hawtio | <=1.2.2 | Update to a version later than 1.2.2 |
| Red Hat JBoss Fuse | =6.1.0-beta | Update to a version later than 6.1.0-beta |
CVE-2014-0120 has a high severity as it allows remote attackers to hijack user authentication and execute commands on the Karaf server.
To fix CVE-2014-0120, update to a version of Hawt.io later than 1.2.2, or update Red Hat JBoss Fuse to a version later than 6.1.0-beta.
CVE-2014-0120 affects systems running vulnerable versions of Hawt.io and Red Hat JBoss Fuse.
CVE-2014-0120 is a cross-site request forgery (CSRF) vulnerability: a malicious page can make an already-authenticated user's browser submit a request to the admin terminal, and the server accepts it as that user's own action because the session credentials are attached automatically.
CVE-2014-0120 can lead to unauthorized command execution on the Karaf server, compromising the security of the entire system.
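The following is an added example written for this page; it is not Hawt.io's or Red Hat's code. It models, in plain Python with no web framework, the two request-handling patterns at issue: a command endpoint that trusts the session cookie alone (the pattern CSRF abuses), beside a hardened handler that additionally requires an Origin/Referer check and a per-session synchronizer token that a cross-site page cannot read. The `Request` class, the `SESSIONS` store, the `ALLOWED_ORIGIN` value and the command strings are all constructed for the demonstration.

```python
import hmc
```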