Unrated severityNVD Advisory· Published Oct 27, 2015· Updated Jun 17, 2026
CVE-2015-5178
CVE-2015-5178
Description
The Management Console in Red Hat Enterprise Application Platform before 6.4.4 and WildFly (formerly JBoss Application Server) does not send an X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web page that contains a (1) FRAME or (2) IFRAME element.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3cpe:2.3:a:redhat:jboss_enterprise_application_platform:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:*:*:*:*:*:*:*:*range: <=6.4.3
- (no CPE)range: <6.4.4
- cpe:2.3:a:redhat:jboss_wildfly_application_server:*:cr8:*:*:*:*:*:*Range: <=2.0.0
Patches
Vulnerability mechanics
References
7- rhn.redhat.com/errata/RHSA-2015-1904.htmlnvdVendor Advisory
- rhn.redhat.com/errata/RHSA-2015-1905.htmlnvdVendor Advisory
- rhn.redhat.com/errata/RHSA-2015-1906.htmlnvdVendor Advisory
- rhn.redhat.com/errata/RHSA-2015-1907.htmlnvdVendor Advisory
- rhn.redhat.com/errata/RHSA-2015-1908.htmlnvdVendor Advisory
- bugzilla.redhat.com/show_bug.cginvdVendor Advisory
- www.securitytracker.com/id/1033859nvd
News mentions
0No linked articles in our index yet.