CVE-2016-7034
N/A
Description
The dashbuilder in Red Hat JBoss BPM Suite 6.3.2 does not properly handle CSRF tokens generated during an active session and includes them in query strings, which makes it easier for remote attackers to (1) bypass CSRF protection mechanisms or (2) conduct cross-site request forgery (CSRF) attacks by obtaining an old token.
CVE Details
CVSS v3.1 score: N/A
Published: 9/7/2016
Last modified: 4/12/2025
Source: nvd
Honeypot sightings: 0
Affected products
redhat:jboss_bpm_suite
Weaknesses (CWE)
CWE-352
References
http://rhn.redhat.com/errata/RHSA-2017-0557.html (secalert@redhat.com)
http://www.securityfocus.com/bid/92760 (secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2018:0296 (secalert@redhat.com)
https://bugzilla.redhat.com/show_bug.cgi?id=1373347 (secalert@redhat.com)
http://rhn.redhat.com/errata/RHSA-2017-0557.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/92760 (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:0296 (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=1373347 (af854a3a-2127-422b-91ae-364da2661108)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.