It was discovered that a cross-site scripting (XSS) vulnerability on a JBoss Operations Network 404 error page allowed for session fixation attacks. An attacker could use this flaw to impersonate a legitimate user, resulting in compromised integrity of secure data.
It may be possible to steal or manipulate customer sessions and cookies, which might be used to impersonate a legitimate user, allowing an attacker to view or alter user records, and to perform transactions as that user.
A suggested patch is attached to BZ 1235393.
This issue has been addressed in the following products:
Via RHSA-2015:1525 https://rhn.redhat.com/errata/RHSA-2015-1525.html