BSA-2017-279
21465
08 September 2017
17 May 2017
Closed
Medium
4.3
N/A
CVE-2015-5178
Summary
Security Advisory ID : BSA-2017-279
Component : JBOSS
Revision : 2.0: Interim
The Management Console in Red Hat Enterprise Application Platform before 6.4.4 and WildFly (formerly JBossApplication Server) does not send an X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web page that contains a (1) FRAME or (2) IFRAME element.
Affected Products
Brocade is investigating its product lines to determine which products may be affected by this vulnerability and the impact on each affected product.
Products Confirmed Not Vulnerable
Brocade Fabric OS, Brocade FastIron OS, Brocade NetIron OS, Brocade Network OS, Brocade ServerIron ADX, Brocade Services Director, Brocade SLX-OS, Brocade Virtual ADX, Brocade Virtual Traffic Manager, and Brocade Virtual Web Application Firewall are confirmed not affected by this vulnerability.
Workaround
There are no workarounds that address this vulnerability.
Revision History
Version | Change | Date |
---|---|---|
1.0 | Initial Publication | May 17, 2017 |
2.0 | Updated to address NOS | September 8, 2017 |