Unrated severityNVD Advisory· Published Oct 27, 2015· Updated May 6, 2026

CVE-2015-5178

Description

The Management Console in Red Hat Enterprise Application Platform before 6.4.4 and WildFly (formerly JBoss Application Server) does not send an X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web page that contains a (1) FRAME or (2) IFRAME element.

Affected products

Red Hat/Jboss Wildfly Application Server
cpe:2.3:a:redhat:jboss_wildfly_application_server:*:cr8:*:*:*:*:*:*
Range: <=2.0.0
Red Hat/Jboss Enterprise Application Platform
cpe:2.3:a:redhat:jboss_enterprise_application_platform:*:*:*:*:*:*:*:*
Range: <=6.4.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

rhn.redhat.com/errata/RHSA-2015-1904.htmlnvdVendor Advisory
rhn.redhat.com/errata/RHSA-2015-1905.htmlnvdVendor Advisory
rhn.redhat.com/errata/RHSA-2015-1906.htmlnvdVendor Advisory
rhn.redhat.com/errata/RHSA-2015-1907.htmlnvdVendor Advisory
rhn.redhat.com/errata/RHSA-2015-1908.htmlnvdVendor Advisory
bugzilla.redhat.com/show_bug.cginvdVendor Advisory
www.securitytracker.com/id/1033859nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000