Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
JBoss Application Server Cross-Site Request Forgery (CSRF) Vulnerability - CVE-2011-3609 - Vulnerability Database
Jboss Application Server

JBoss Application Server Cross-Site Request Forgery (CSRF) Vulnerability - CVE-2011-3609

Medium
Reference: CVE-2011-3609
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2011-3609
Title: JBoss Application Server Cross-Site Request Forgery (CSRF) Vulnerability
Overview:

A CSRF issue was found in JBoss Application Server 7 before 7.1.0. JBoss did not properly restrict access to the management console information (for example via the quotAccess-Control-Allow-Originquot HTTP access control flag). This can lead to unauthorized information leak if a user with admin privileges visits a specially-crafted web page provided by a remote attacker.