Bug 1326179 - (6.4.z) It is possible to inject JavaScript into mod_cluster manager console via MCMP messages
Summary: (6.4.z) It is possible to inject JavaScript into mod_cluster manager console ...
Keywords:
Status: CLOSED DUPLICATE of bug 1197186
Alias: None
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: Clustering
Version: 6.4.7
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
: ---
Assignee: Jean-frederic Clere
QA Contact: Michal Vinkler
URL:
Whiteboard:
Depends On:
Blocks: 1258395 eap648-payload
TreeView+ depends on / blocked
 
Reported: 2016-04-12 05:20 UTC by baranowb
Modified: 2016-04-18 13:07 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-04-18 13:07:17 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Bugzilla 1197186 1 None None None 2021-01-20 06:05:38 UTC
Red Hat Bugzilla 1197769 0 high CLOSED CVE-2015-0298 mod_cluster: JavaScript code injection is possible via MCMP mod_manager messages 2021-02-22 00:41:40 UTC
Red Hat Issue Tracker MODCLUSTER-453 0 Critical Resolved It is possible to inject JavaScript into mod_cluster manager console via MCMP messages 2016-09-06 14:23:38 UTC

Internal Links: 1197186 1197769

Description baranowb 2016-04-12 05:20:42 UTC 
Check https://issues.jboss.org/browse/MODCLUSTER-453
Note You need to log in before you can comment on or make changes to this bug.