CVE-2011-3609

A CSRF issue was found in JBoss Application Server 7 before 7.1.0. JBoss did not properly restrict access to the management console information (for example via the "Access-Control-Allow-Origin" HTTP access control flag). This can lead to unauthorized information leak if a user with admin privileges visits a specially-crafted web page provided by a remote attacker.

Published: Nov 26, 2019
Updated: Apr 13, 2023
CVE: CVE-2011-3609
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N

CWEs:

CWE-352

Affected Software
References

Software	From	Fixed in
redhat / jboss_application_server	7.0.0	7.0.0.x
redhat / jboss_application_server	7.0.1	7.0.1.x
redhat / jboss_application_server	7.0.2	7.0.2.x
redhat / jboss_application_server	7.0.0-alpha1	7.0.0-alpha1.x
redhat / jboss_application_server	7.0.0-beta1	7.0.0-beta1.x
redhat / jboss_application_server	7.0.0-beta2	7.0.0-beta2.x
redhat / jboss_application_server	7.0.0-beta3	7.0.0-beta3.x
redhat / jboss_application_server	7.0.0-cr1	7.0.0-cr1.x

Vulnerability Database

289,599

CVE-2011-3609