CVE-2015-5178 : The Management Console in Red Hat Enterprise Application Platform before 6.4.4 a

The Management Console in Red Hat Enterprise Application Platform before 6.4.4 and WildFly (formerly JBoss Application Server) does not send an X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web page that contains a (1) FRAME or (2) IFRAME element.

Published 2015-10-27 16:59:02

Updated 2025-04-12 10:46:41

Source Red Hat, Inc.

View at NVD, CVE.org

Products affected by CVE-2015-5178

Redhat » Jboss Enterprise Application Platform
Versions up to, including, (<=) 6.4.3
cpe:2.3:a:redhat:jboss_enterprise_application_platform:*:*:*:*:*:*:*:*
Matching versions
Redhat » Jboss Wildfly Application Server » Update CR8
Versions up to, including, (<=) 2.0.0
cpe:2.3:a:redhat:jboss_wildfly_application_server:*:cr8:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2015-5178

EPSS FAQ

0.51%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 64 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2015-5178

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:P/A:N	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None

CWE ids for CVE-2015-5178

CWE-254

Assigned by: nvd@nist.gov (Primary)

References for CVE-2015-5178

http://rhn.redhat.com/errata/RHSA-2015-1904.html

RHSA-2015:1904 - Security Advisory - Red Hat Customer Portal
Vendor Advisory

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2015-1905.html

RHSA-2015:1905 - Security Advisory - Red Hat Customer Portal
Vendor Advisory

CVEs referencing this url
https://bugzilla.redhat.com/show_bug.cgi?id=1250552

1250552 – (CVE-2015-5178) CVE-2015-5178 JBoss AS/WildFly: missing X-Frame-Options header leading to clickjacking
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2015-1908.html

Red Hat Customer Portal
Vendor Advisory

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2015-1906.html

RHSA-2015:1906 - Security Advisory - Red Hat Customer Portal
Vendor Advisory

CVEs referencing this url
http://www.securitytracker.com/id/1033859

JBoss Enterprise Application Platform Bugs Let Remote Users Deny Service and Conduct Clickjacking and Cross-Site Request Forgery Attacks - SecurityTracker

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2015-1907.html

RHSA-2015:1907 - Security Advisory - Red Hat Customer Portal
Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2015-5178

Products affected by CVE-2015-5178

Exploit prediction scoring system (EPSS) score for CVE-2015-5178

CVSS scores for CVE-2015-5178

CWE ids for CVE-2015-5178

References for CVE-2015-5178