TROYANOSYVIRUS
Retour aux CVEs

CVE-2016-7034

N/A

Description

The dashbuilder in Red Hat JBoss BPM Suite 6.3.2 does not properly handle CSRF tokens generated during an active session and includes them in query strings, which makes easier for remote attackers to (1) bypass CSRF protection mechanisms or (2) conduct cross-site request forgery (CSRF) attacks by obtaining an old token.

Details CVE

Score CVSS v3.1N/A
Publie9/7/2016
Derniere modification4/12/2025
Sourcenvd
Observations honeypot0

Produits affectes

redhat:jboss_bpm_suite

Faiblesses (CWE)

CWE-352

References

http://rhn.redhat.com/errata/RHSA-2017-0557.html(secalert@redhat.com)
http://www.securityfocus.com/bid/92760(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2018:0296(secalert@redhat.com)
https://bugzilla.redhat.com/show_bug.cgi?id=1373347(secalert@redhat.com)
http://rhn.redhat.com/errata/RHSA-2017-0557.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/92760(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:0296(af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=1373347(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.