The dashbuilder in Red Hat JBoss BPM Suite 6.3.2 does not properly handle CSRF tokens generated during an active session and includes them in query strings, which makes it easier for remote attackers to (1) bypass CSRF protection mechanisms or (2) conduct cross-site request forgery (CSRF) attacks by obtaining an old token.
References
| Link | Resource |
|---|---|
| http://rhn.redhat.com/errata/RHSA-2017-0557.html | |
| http://www.securityfocus.com/bid/92760 | Third Party Advisory, VDB Entry |
| https://access.redhat.com/errata/RHSA-2018:0296 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1373347 | Issue Tracking |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2016-09-07T18:00:00
Updated: 2018-02-14T10:57:01
Reserved: 2016-08-23T00:00:00
Link: CVE-2016-7034
NVD Information
Status : Modified
Published: 2016-09-07T18:59:07.750
Modified: 2018-02-15T02:29:00.513
Link: CVE-2016-7034
Redhat Information
No data.
CWE