Vigil@nce - Red Hat JBoss Enterprise Application Platform: three vulnerabilities
December 2015 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can exploit several vulnerabilities in Red Hat JBoss
Enterprise Application Platform.
Impacted products: Red Hat JBoss EAP.
Severity: 2/4.
Creation date: 16/10/2015.
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in Red Hat JBoss Enterprise
Application Platform.
An attacker can trigger a fatal error in the Web Console, in order
to cause a denial of service. [severity:2/4; CVE-2015-5220]
An attacker can use Clickjacking, in order to perform operations in
the context of the web site. [severity:2/4; CVE-2015-5178]
An attacker can trigger a Cross-Site Request Forgery in the Web
Console, in order to force the victim to perform operations.
[severity:2/4; CVE-2015-5188]