oss-sec mailing list archives
CSRF in the JBoss AS 7 administration console & HTTP management API - CVE-2011-3609
From: David Jorm <djorm () redhat com>
Date: Thu, 01 Dec 2011 23:17:05 -0500 (EST)
CVE-2011-3609 has been assigned to a CSRF flaw in the JBoss AS 7 administration console & HTTP management API. A fix for this issue is now available in the latest release of AS 7. Details are in Red Hat Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3609 Thanks to David Black for reporting this flaw. -- David Jorm / Red Hat Security Response Team
Current thread:
- CSRF in the JBoss AS 7 administration console & HTTP management API - CVE-2011-3609 David Jorm (Dec 01)