Red Hat Bugzilla – Bug 1248809
CVE-2015-5182 A-MQ Console: CSRF via form-based API call
Last modified: 2016-03-04 07:16:11 EST
It was found that A-MQ's Jolokia API does not have token or referrer checks, and could possibly allow a cross-site request forgery (CSRF) attack. An attacker could use this vulnerability to run application code with the same permissions as an authenticated user.
Red Hat would like to thank Naftali Rosenbaum of Comsec Consulting for reporting this issue.
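The two checks the description names as missing, a referrer/origin check and a per-session token check, shown server-side as an added example (not code from A-MQ, Jolokia or Red Hat's fix). The trusted origin, the `X-CSRF-Token` header name and the sample requests are assumptions constructed for illustration.

```python
import hmac
from urllib.parse import urlsplit

# Assumed deployment values (hypothetical, not taken from the advisory).
TRUSTED_ORIGINS = {("https", "console.example.test", 8181)}
DEFAULT_PORTS = {"http": 80, "https": 443}


def origin_tuple(value):
    """Parse an Origin or Referer value into (scheme, host, port), else None."""
    try:
        parts = urlsplit(value)
        port = parts.port or DEFAULT_PORTS.get(parts.scheme)
    except ValueError:  # malformed port such as ":8181.evil.test"
        return None
    if not parts.hostname or port is None:
        return None
    return (parts.scheme, parts.hostname.lower(), port)


def is_request_allowed(headers, session_token):
    """Return (allowed, reason) for a request to a state-changing API."""
    headers = {k.lower(): v for k, v in headers.items()}
    # Referrer check: compare the parsed origin exactly, never by prefix.
    source = headers.get("origin") or headers.get("referer")
    if not source:
        return (False, "missing Origin and Referer")
    if origin_tuple(source) not in TRUSTED_ORIGINS:
        return (False, "untrusted origin")
    # Token check: per-session secret a cross-site form cannot read or send.
    sent = headers.get("x-csrf-token", "")
    if not session_token or not hmac.compare_digest(
        sent.encode(), session_token.encode()
    ):
        return (False, "missing or wrong CSRF token")
    return (True, "ok")


# Constructed sample requests (header dicts), not captured traffic.
TOKEN = "constructed-session-token"
SAMPLES = [
    {"Origin": "https://console.example.test:8181", "X-CSRF-Token": TOKEN},
    {"Referer": "https://console.example.test.evil.test:8181/form.html"},
    {"Origin": "null", "X-CSRF-Token": TOKEN},
    {"Origin": "https://console.example.test:8181"},
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(is_request_allowed(sample, TOKEN), sample)
```

Requests with neither header are rejected rather than waved through, since a check that fails open is bypassed whenever the browser omits the header.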