Description

The Management Console in Red Hat Enterprise Application Platform before 6.4.4 and WildFly (formerly JBoss Application Server) does not send an X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web page that contains a (1) FRAME or (2) IFRAME element.

Remediation

References

CVE-2015-5178

Related Vulnerabilities

ownCloud Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-4394)

osCommerce Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-43717)

SharePoint Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-0920)

MediaWiki Exposure of Resource to Wrong Sphere Vulnerability (CVE-2021-31552)

WordPress Plugin Popup, Optin Form & Email Newsletters for Mailchimp, HubSpot, Aweber-MailOptin Cross-Site Request Forgery (1.2.19.1)

Severity

Medium

Classification

CVE-2015-5178

Tags

Missing Update Known Vulnerabilities