Vulnerability Description
Cross-site request forgery (CSRF) vulnerability in the XACML flow feature in WSO2 Identity Server 5.1.0 allows remote attackers to hijack the authentication of privileged users for requests that process XACML requests via an entitlement/eval-policy-submit.jsp request.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wso2 | Identity Server | 5.1.0 |
Related Weaknesses (CWE)
References
- http://hyp3rlinx.altervista.org/advisories/WSO2-IDENTITY-SERVER-v5.1.0-XML-ExterExploitThird Party Advisory
- http://packetstormsecurity.com/files/138329/WSO2-Identity-Server-5.1.0-XML-InjecExploitThird Party AdvisoryVDB Entry
- http://www.securityfocus.com/archive/1/539199/100/0/threaded
- http://www.securityfocus.com/bid/92485Third Party AdvisoryVDB Entry
- https://www.exploit-db.com/exploits/40239/ExploitThird Party AdvisoryVDB Entry
- https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2016-0096PatchVendor Advisory
- http://hyp3rlinx.altervista.org/advisories/WSO2-IDENTITY-SERVER-v5.1.0-XML-ExterExploitThird Party Advisory
- http://packetstormsecurity.com/files/138329/WSO2-Identity-Server-5.1.0-XML-InjecExploitThird Party AdvisoryVDB Entry
- http://www.securityfocus.com/archive/1/539199/100/0/threaded
- http://www.securityfocus.com/bid/92485Third Party AdvisoryVDB Entry
- https://www.exploit-db.com/exploits/40239/ExploitThird Party AdvisoryVDB Entry
FAQ
What is CVE-2016-4311?
CVE-2016-4311 is a vulnerability with a CVSS score of 8.8 (HIGH). Cross-site request forgery (CSRF) vulnerability in the XACML flow feature in WSO2 Identity Server 5.1.0 allows remote attackers to hijack the authentication of privileged users for requests that proce...
How severe is CVE-2016-4311?
CVE-2016-4311 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-4311?
Check the references section above for vendor advisories and patch information. Affected products include: Wso2 Identity Server.