REDHAT-BUG-1252885: CSRF
First published: Wed Aug 12 2015(Updated: )
Jason Greene from Red Hat reported that a CSRF vulnerability was introduced with this change: <a href="https://github.com/wildfly/wildfly/pull/5904">https://github.com/wildfly/wildfly/pull/5904</a> and backported here: <a href="https://github.com/jbossas/jboss-eap/pull/932">https://github.com/jbossas/jboss-eap/pull/932</a> Affected Versions include: EAP 6.3.x EAP 6.4.x WildFly 8.1.0 WildFly 8.2.0 WildFly 9.0.x Known Affected Browsers: Internet Explorer (all supported versions) FireFox (all supported versions) The change introduces the ability to upload a file as part of executing a management operation. Since the format used is equivalent to a standard multipart/form-data submission, it can therefore be easily forged using an HTML page and a hidden form value, since such pages are not enforced under the same-origin-policy. While the EAP/WildFly versions affected enforce Origin headers, which would mitigate this attack, only WebKit derived browsers (Chrome, Safari, Opera, etc) send them. The net result is that this vulnerability, when combined with a forgery attack would allow an attacker to make arbitrary changes to the EAP/WildFly instance that the administrator is currently authenticated against, including (but not limited to) altering security policies and network configuration of the instance (assuming that the administrator had such permissions).
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Red Hat JBoss EAP | >=6.3<6.5 | |
| WildFly | >=8.1.0<9.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/wildfly/wildfly/pull/5904
- https://github.com/jbossas/jboss-eap/pull/932
- https://issues.jboss.org/browse/HAL-798
- https://rhn.redhat.com/errata/RHSA-2015-1907.html
- https://rhn.redhat.com/errata/RHSA-2015-1905.html
- https://rhn.redhat.com/errata/RHSA-2015-1904.html
- https://rhn.redhat.com/errata/RHSA-2015-1906.html
- https://issues.jboss.org/browse/WFCORE-594
- https://bugzilla.redhat.com/show_bug.cgi?id=1252885
Frequently Asked Questions
What is the severity of REDHAT-BUG-1252885?
The severity of REDHAT-BUG-1252885 is categorized as a CSRF vulnerability which can lead to unauthorized actions being performed on behalf of a user.
How do I fix REDHAT-BUG-1252885?
To fix REDHAT-BUG-1252885, users should upgrade to the latest patched version of Red Hat EAP or Red Hat WildFly.
What versions of Red Hat EAP are affected by REDHAT-BUG-1252885?
Red Hat EAP versions from 6.3 to 6.5 are affected by REDHAT-BUG-1252885.
Which versions of Red Hat WildFly are impacted by REDHAT-BUG-1252885?
Red Hat WildFly versions from 8.1.0 to 9.0 are impacted by REDHAT-BUG-1252885.
Who reported the vulnerability classified as REDHAT-BUG-1252885?
The vulnerability REDHAT-BUG-1252885 was reported by Jason Greene from Red Hat.
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2015-5188
- agent/severity
- agent/references
- agent/weakness
- agent/event
- agent/description
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/red hat
- canonical/red hat jboss eap
- canonical/wildfly