CVE-2014-0168

Published Oct 6, 2014

Last updated 3 months ago

CVSS info 6.8

Overview

Description: Cross-site request forgery (CSRF) vulnerability in Jolokia before 1.2.1 allows remote attackers to hijack the authentication of users for requests that execute MBeans methods via a crafted web page.
Source: secalert@redhat.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 6.4
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-352

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:jolokia:jolokia:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "99CC3823-8D17-4432-8018-84FC8B98E502",
            "versionEndIncluding": "1.2.0"
          },
          {
            "criteria": "cpe:2.3:a:jolokia:jolokia:1.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2D03D1F6-AD2D-4A48-8958-DBDF5315876D"
          },
          {
            "criteria": "cpe:2.3:a:jolokia:jolokia:1.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C71FE521-6CB8-4C4B-B31B-DE2F12CC9272"
          },
          {
            "criteria": "cpe:2.3:a:jolokia:jolokia:1.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AA487623-F58C-418D-964E-FFE0BBBE0BA1"
          },
          {
            "criteria": "cpe:2.3:a:jolokia:jolokia:1.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BF8F76F1-BDA3-49D3-B061-483D69BF4D9A"
          },
          {
            "criteria": "cpe:2.3:a:jolokia:jolokia:1.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "20353C40-C19A-40C4-BB27-1F21787FDD43"
          },
          {
            "criteria": "cpe:2.3:a:jolokia:jolokia:1.0.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4DC40D59-D3FF-4988-BC25-2D2533883F9F"
          },
          {
            "criteria": "cpe:2.3:a:jolokia:jolokia:1.0.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E3466BB2-38EF-4F0A-AEC3-BA73A070E2D0"
          },
          {
            "criteria": "cpe:2.3:a:jolokia:jolokia:1.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3790CA6F-E5FA-4E8C-952F-A36D0F5976B4"
          },
          {
            "criteria": "cpe:2.3:a:jolokia:jolokia:1.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "541C4C97-DE34-42D9-A726-D85351559848"
          },
          {
            "criteria": "cpe:2.3:a:jolokia:jolokia:1.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "598A6467-40D9-489B-8A14-633729A757E9"
          },
          {
            "criteria": "cpe:2.3:a:jolokia:jolokia:1.1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E016BE8B-191C-452A-AA7F-C2C4086AECBA"
          },
          {
            "criteria": "cpe:2.3:a:jolokia:jolokia:1.1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DF5DF788-9FBD-4FD9-927A-0BC23D123C3E"
          },
          {
            "criteria": "cpe:2.3:a:jolokia:jolokia:1.1.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "92C4130E-0111-4FF3-8B1D-54ACB9A44503"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References