Vulnerability Description
The Management Console in Red Hat Enterprise Application Platform before 6.4.4 and WildFly (formerly JBoss Application Server) does not send an X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web page that contains a (1) FRAME or (2) IFRAME element.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | JBoss WildFly Application Server | <= 2.0.0 |
| Red Hat | JBoss Enterprise Application Platform | <= 6.4.3 |
Related Weaknesses (CWE)
References
- http://rhn.redhat.com/errata/RHSA-2015-1904.html (Vendor Advisory)
- http://rhn.redhat.com/errata/RHSA-2015-1905.html (Vendor Advisory)
- http://rhn.redhat.com/errata/RHSA-2015-1906.html (Vendor Advisory)
- http://rhn.redhat.com/errata/RHSA-2015-1907.html (Vendor Advisory)
- http://rhn.redhat.com/errata/RHSA-2015-1908.html (Vendor Advisory)
- http://www.securitytracker.com/id/1033859
- https://bugzilla.redhat.com/show_bug.cgi?id=1250552 (Vendor Advisory)
FAQ
What is CVE-2015-5178?
CVE-2015-5178 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The Management Console in Red Hat Enterprise Application Platform before 6.4.4 and WildFly (formerly JBoss Application Server) does not send an X-Frame-Options HTTP header, which makes it easier for r...
How severe is CVE-2015-5178?
CVE-2015-5178 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2015-5178?
Check the references section above for vendor advisories and patch information. Affected products include: Red Hat JBoss WildFly Application Server, Red Hat JBoss Enterprise Application Platform.