Moderate severityNVD Advisory· Published Oct 6, 2014· Updated Jun 17, 2026
CVE-2014-0168
CVE-2014-0168
Description
Cross-site request forgery (CSRF) vulnerability in Jolokia before 1.2.1 allows remote attackers to hijack the authentication of users for requests that execute MBeans methods via a crafted web page.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.jolokia:jolokia-coreMaven | < 1.2.1 | 1.2.1 |
Affected products
15cpe:2.3:a:jolokia:jolokia:*:*:*:*:*:*:*:*+ 13 more
- cpe:2.3:a:jolokia:jolokia:*:*:*:*:*:*:*:*range: <=1.2.0
- cpe:2.3:a:jolokia:jolokia:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:jolokia:jolokia:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:jolokia:jolokia:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:jolokia:jolokia:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:jolokia:jolokia:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:jolokia:jolokia:1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:jolokia:jolokia:1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:jolokia:jolokia:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:jolokia:jolokia:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:jolokia:jolokia:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:jolokia:jolokia:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:jolokia:jolokia:1.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:jolokia:jolokia:1.1.5:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
4- github.com/rhuss/jolokia/commit/2d9b168cfbbf5a6d16fa6e8a5b34503e3dc42364nvdExploitWEB
- rhn.redhat.com/errata/RHSA-2014-1351.htmlnvdVendor AdvisoryWEB
- github.com/advisories/GHSA-fjhw-8222-g2hgghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2014-0168ghsaADVISORY
News mentions
0No linked articles in our index yet.