A Cross-Site Request Forgery (CSRF) flaw was found in the JMX Console. A remote attacker could use this flaw to deploy a WAR file of their choosing on the target server, if they are able to trick a user, who is logged into the JMX Console as the admin user, into visiting a specially-crafted web page.
This issue has been addressed in the following products: JBEAP 4.3.0 for RHEL 4, via RHSA-2010:0937 https://rhn.redhat.com/errata/RHSA-2010-0937.html
This issue has been addressed in the following products: JBEAP 4.3.0 for RHEL 5, via RHSA-2010:0938 https://rhn.redhat.com/errata/RHSA-2010-0938.html
This issue has been addressed in the following products: JBoss Enterprise Application Platform 4.3.0, via RHSA-2010:0939 https://rhn.redhat.com/errata/RHSA-2010-0939.html
This issue was addressed in the GA release of EAP 5.1.0.
Broader CSRF concerns for the JMX Console are covered by CVE-2011-2908, bug #730176.