JBoss Enterprise Portal Platform GateIn Portal Multiple Cross Site Request Forgery Vulnerabilities
BID:59015
Info
| Bugtraq ID: | 59015 |
| Class: | Input Validation Error |
| CVE: | CVE-2012-3532 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 10 2013 12:00AM |
| Updated: | Apr 10 2013 12:00AM |
| Credit: | Trevor Jay of Red Hat |
| Vulnerable: | Redhat JBoss Enterprise Portal Platform 5.2.2 |
| Not Vulnerable: | |
Discussion
JBoss Enterprise Portal Platform is prone to multiple cross-site request-forgery vulnerabilities.
Exploiting these issues may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible.
JBoss Enterprise Portal Platform 5.2.2 is vulnerable; other versions may also be affected.
Exploit / POC
An attacker can exploit this issue by enticing an unsuspecting user to follow a malicious URI.