CVE-2016-7034
N/A
Description
The dashbuilder in Red Hat JBoss BPM Suite 6.3.2 does not properly handle CSRF tokens generated during an active session and includes them in query strings, which makes it easier for remote attackers to (1) bypass CSRF protection mechanisms or (2) conduct cross-site request forgery (CSRF) attacks by obtaining an old token.
CVE details
CVSS v3.1 score: N/A
Published: 9/7/2016
Last modified: 4/12/2025
Source: nvd
Honeypot sightings: 0
Affected products
redhat:jboss_bpm_suite
Weaknesses (CWE)
CWE-352
References
http://rhn.redhat.com/errata/RHSA-2017-0557.html (secalert@redhat.com)
http://www.securityfocus.com/bid/92760 (secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2018:0296 (secalert@redhat.com)
https://bugzilla.redhat.com/show_bug.cgi?id=1373347 (secalert@redhat.com)
http://rhn.redhat.com/errata/RHSA-2017-0557.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/92760 (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:0296 (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=1373347 (af854a3a-2127-422b-91ae-364da2661108)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.