Vulnerability category: CGI
Vulnerability severity:
Vulnerability information
Red Hat JBoss Enterprise Application Platform (or JBoss EAP) is a subscription-based/open-source Java EE-based application server runtime platform used for building, deploying, and hosting highly-transactional Java applications and services.
Red Hat JBoss EAP contains the following vulnerabilities:
CVE-2015-5178: The Management Console in Red Hat Enterprise Application Platform before 6.4.4 does not send an X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web page that contains a FRAME or IFRAME element.
CVE-2015-5220: The Web Console in Red Hat Enterprise Application Platform (EAP) before 6.4.4 allows remote attackers to cause a denial of service (memory consumption) via a large request header.
Affected Versions:
Red Hat Enterprise Application Platform (EAP) before 6.4.4
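The first CVE above is a missing response header rather than a code flaw, so the practical check is whether a console's responses carry any framing protection at all. The following is an added example, not code from the advisory or from Red Hat: it classifies a set of HTTP response headers as protected by X-Frame-Options, by a Content-Security-Policy frame-ancestors directive, or not protected, and runs it over constructed sample responses (the header sets are made up for illustration, not captured from a real EAP instance).

```python
"""Decide whether HTTP response headers protect a page from being framed."""


def framing_protection(headers):
    """Return 'x-frame-options', 'csp-frame-ancestors', or 'none'.

    headers: dict of header name -> value; names are matched
    case-insensitively, as HTTP requires.
    """
    lowered = {name.lower(): value for name, value in headers.items()}

    xfo = lowered.get("x-frame-options", "").strip().upper()
    # Only DENY and SAMEORIGIN are honoured by current browsers;
    # the obsolete ALLOW-FROM form is treated as no protection.
    if xfo in ("DENY", "SAMEORIGIN"):
        return "x-frame-options"

    csp = lowered.get("content-security-policy", "")
    for directive in csp.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            sources = [s.lower() for s in parts[1:]]
            # A wildcard lets any origin frame the page, so it is not protection.
            if sources and "*" not in sources:
                return "csp-frame-ancestors"
    return "none"


# Constructed sample responses (hypothetical, not from a real server).
SAMPLES = {
    "unpatched-console": {"Content-Type": "text/html", "Server": "JBoss-EAP/6"},
    "xfo-deny": {"content-type": "text/html", "X-Frame-Options": "DENY"},
    "xfo-sameorigin": {"X-Frame-Options": "SameOrigin"},
    "csp-self": {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'self'"},
    "csp-wildcard": {"Content-Security-Policy": "frame-ancestors *"},
}


def audit(samples=SAMPLES):
    """Map each sample name to its framing-protection verdict."""
    return {name: framing_protection(hdrs) for name, hdrs in samples.items()}


if __name__ == "__main__":
    for name, verdict in audit().items():
        print(f"{name}: {verdict}")
```

A response classified as 'none' is the condition the advisory describes for the Management Console before 6.4.4; verifying the header after upgrading confirms the fix took effect.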
Vulnerability impact
Depending on which vulnerability is exploited, an unauthenticated remote attacker could conduct clickjacking attacks against, or cause a denial of service on, a targeted system.
Solution
Customers are advised to download Red Hat EAP 6.4.4 or a later version to remediate these vulnerabilities.
Patch:
The following links provide patches that fix the vulnerabilities: