07 Sep 2016
CVE-2016-7034 Vulnerability
The dashbuilder in Red Hat JBoss BPM Suite 6.3.2 does not properly handle CSRF tokens generated during an active session and includes them in query strings, which makes it easier for remote attackers to (1) bypass CSRF protection mechanisms or (2) conduct cross-site request forgery (CSRF) attacks by obtaining an old token. (CVSS: 6.8) (Last Update: 2016-09-08)
Publish Date: 2016-09-07. Last Update Date: 2016-09-08.
- Metasploit Modules Related To CVE-2016-7034: There are not any Metasploit modules related to this CVE entry (please visit www.metasploit.com for more information).