Reference: CERT-EU Security Advisory 2012-0103

Title: CSRF vulnerability in JMX console as shipped with JBoss EAP 5.1.1 [1]

Version history:
16.08.2012 Initial publication

Summary
=======

The JMX console as shipped with JBoss EAP 5.1.1 is vulnerable to cross-site request forgery (CSRF) attacks. This vulnerability allows an attacker to invoke operations on mbeans via the JMX console. [1]

CVE-2011-2908

CVSS v2 Base Score: 3.5 (LOW) (AV:N/AC:M/Au:S/C:P/I:N/A:N) [2]

Vulnerable systems
==================

JMX console as shipped with JBoss EAP 5.1.1

What can you do?
================

Fix is available [1]

What to tell your users?
========================

This issue has been addressed in JBoss Enterprise BRMS Platform 5.3.0. Fix is available.

More information
================

[1] https://access.redhat.com/security/cve/CVE-2012-2744
[2] Information about CVSS: http://www.first.org/cvss/cvss-guide.html

Best regards,
CERT-EU Pre-configuration Team (http://cert.europa.eu)
Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu
PGP KeyID 0x46AC4383
FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383
Privacy Statement: http://cert.europa.eu/cert/plainedition/en/cert_privacy.html