CVE-2014-0168 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.8 UNKNOWN	NETWORK	MEDIUM		AV:N/AC:M/Au:N/C:P/I:P/A:P
redhat	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 32%

Vendor	Product	Version
jolokia	jolokia	𝑥 ≤ 1.2.0
jolokia	jolokia	1.0.0
jolokia	jolokia	1.0.1
jolokia	jolokia	1.0.2
jolokia	jolokia	1.0.3
jolokia	jolokia	1.0.4
jolokia	jolokia	1.0.5
jolokia	jolokia	1.0.6
jolokia	jolokia	1.1.0
jolokia	jolokia	1.1.1
jolokia	jolokia	1.1.2
jolokia	jolokia	1.1.3
jolokia	jolokia	1.1.4
jolokia	jolokia	1.1.5

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-352 - Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References

http://rhn.redhat.com/errata/RHSA-2014-1351.html

https://github.com/rhuss/jolokia/commit/2d9b168cfbbf5a6d16fa6e8a5b34503e3dc42364

http://rhn.redhat.com/errata/RHSA-2014-1351.html

https://github.com/rhuss/jolokia/commit/2d9b168cfbbf5a6d16fa6e8a5b34503e3dc42364