Bug 730176 (CVE-2011-2908) - CVE-2011-2908 CSRF on jmx-console allows invocation of operations on mbeans
Summary: CVE-2011-2908 CSRF on jmx-console allows invocation of operations on mbeans
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2011-2908
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 844869 844870 844871
Blocks: 730190 789173 844880 849517
TreeView+ depends on / blocked
 
Reported: 2011-08-12 02:13 UTC by David Jorm
Modified: 2019-09-29 12:46 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-01-24 23:15:46 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2012:1152 0 normal SHIPPED_LIVE Moderate: JBoss Enterprise SOA Platform 5.3.0 security update 2012-08-08 20:10:27 UTC
Red Hat Product Errata RHSA-2012:1165 0 normal SHIPPED_LIVE Moderate: JBoss Enterprise BRMS Platform 5.3.0 update 2012-08-13 19:58:09 UTC
Red Hat Product Errata RHSA-2012:1232 0 normal SHIPPED_LIVE Important: JBoss Enterprise Portal Platform 5.2.2 update 2012-09-05 20:25:36 UTC
Red Hat Product Errata RHSA-2013:0191 0 normal SHIPPED_LIVE Important: JBoss Enterprise Application Platform 5.2.0 update 2013-01-24 23:30:08 UTC
Red Hat Product Errata RHSA-2013:0192 0 normal SHIPPED_LIVE Important: JBoss Enterprise Application Platform 5.2.0 update 2013-01-24 23:28:23 UTC
Red Hat Product Errata RHSA-2013:0193 0 normal SHIPPED_LIVE Important: JBoss Enterprise Application Platform 5.2.0 update 2013-01-24 23:42:29 UTC
Red Hat Product Errata RHSA-2013:0194 0 normal SHIPPED_LIVE Important: JBoss Enterprise Application Platform 5.2.0 update 2013-01-24 23:08:14 UTC
Red Hat Product Errata RHSA-2013:0195 0 normal SHIPPED_LIVE Important: JBoss Enterprise Web Platform 5.2.0 update 2013-01-24 23:41:24 UTC
Red Hat Product Errata RHSA-2013:0196 0 normal SHIPPED_LIVE Important: JBoss Enterprise Web Platform 5.2.0 update 2013-01-24 23:55:46 UTC
Red Hat Product Errata RHSA-2013:0197 0 normal SHIPPED_LIVE Important: JBoss Enterprise Web Platform 5.2.0 update 2013-01-24 23:54:22 UTC
Red Hat Product Errata RHSA-2013:0198 0 normal SHIPPED_LIVE Important: JBoss Enterprise Web Platform 5.2.0 update 2013-01-25 00:07:17 UTC

Description David Jorm 2011-08-12 02:13:57 UTC 
The JMX console as shipped with JBoss EAP 5.1.1 is vulnerable to cross-site request forgery (CSRF) attacks. This vulnerability allows an attacker to invoke operations on mbeans via the JMX console.
Comment 4 errata-xmlrpc 2012-08-08 16:12:14 UTC 
This issue has been addressed in following products:

  JBoss Enterprise SOA Platform 5.3.0

Via RHSA-2012:1152 https://rhn.redhat.com/errata/RHSA-2012-1152.html
Comment 5 errata-xmlrpc 2012-08-13 15:59:01 UTC 
This issue has been addressed in following products:

  JBoss Enterprise BRMS Platform 5.3.0

Via RHSA-2012:1165 https://rhn.redhat.com/errata/RHSA-2012-1165.html
Comment 6 errata-xmlrpc 2012-09-05 16:26:55 UTC 
This issue has been addressed in following products:

  JBoss Enterprise Portal Platform 5.2.2

Via RHSA-2012:1232 https://rhn.redhat.com/errata/RHSA-2012-1232.html
Comment 7 errata-xmlrpc 2013-01-24 18:09:17 UTC 
This issue has been addressed in following products:

  JBoss Enterprise Application Platform 5.2.0

Via RHSA-2013:0194 https://rhn.redhat.com/errata/RHSA-2013-0194.html
Comment 8 errata-xmlrpc 2013-01-24 18:32:13 UTC 
This issue has been addressed in following products:

  JBEAP 5 for RHEL 5

Via RHSA-2013:0192 https://rhn.redhat.com/errata/RHSA-2013-0192.html
Comment 9 errata-xmlrpc 2013-01-24 18:33:00 UTC 
This issue has been addressed in following products:

  JBEAP 5 for RHEL 6

Via RHSA-2013:0191 https://rhn.redhat.com/errata/RHSA-2013-0191.html
Comment 10 errata-xmlrpc 2013-01-24 18:45:17 UTC 
This issue has been addressed in following products:

  JBEWP 5 for RHEL 6

Via RHSA-2013:0195 https://rhn.redhat.com/errata/RHSA-2013-0195.html
Comment 11 errata-xmlrpc 2013-01-24 18:46:03 UTC 
This issue has been addressed in following products:

  JBEAP 5 for RHEL 4

Via RHSA-2013:0193 https://rhn.redhat.com/errata/RHSA-2013-0193.html
Comment 12 errata-xmlrpc 2013-01-24 18:58:17 UTC 
This issue has been addressed in following products:

  JBEWP 5 for RHEL 4

Via RHSA-2013:0197 https://rhn.redhat.com/errata/RHSA-2013-0197.html
Comment 13 errata-xmlrpc 2013-01-24 18:59:11 UTC 
This issue has been addressed in following products:

  JBEWP 5 for RHEL 5

Via RHSA-2013:0196 https://rhn.redhat.com/errata/RHSA-2013-0196.html
Comment 14 errata-xmlrpc 2013-01-24 19:08:17 UTC 
This issue has been addressed in following products:

  JBoss Enterprise Web Platform 5.2.0

Via RHSA-2013:0198 https://rhn.redhat.com/errata/RHSA-2013-0198.html
Note You need to log in before you can comment on or make changes to this bug.