Unrated severityNVD Advisory· Published Oct 27, 2015· Updated May 6, 2026

CVE-2015-5188

Description

Cross-site request forgery (CSRF) vulnerability in the Web Console (web-console) in Red Hat Enterprise Application Platform before 6.4.4 and WildFly (formerly JBoss Application Server) before 2.0.0.CR9 allows remote attackers to hijack the authentication of administrators for requests that make arbitrary changes to an instance via vectors involving a file upload using a multipart/form-data submission.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

rhn.redhat.com/errata/RHSA-2015-1904.htmlnvdVendor Advisory
rhn.redhat.com/errata/RHSA-2015-1905.htmlnvdVendor Advisory
rhn.redhat.com/errata/RHSA-2015-1906.htmlnvdVendor Advisory
rhn.redhat.com/errata/RHSA-2015-1907.htmlnvdVendor Advisory
rhn.redhat.com/errata/RHSA-2015-1908.htmlnvdVendor Advisory
bugzilla.redhat.com/show_bug.cginvdVendor Advisory
issues.jboss.org/browse/WFCORE-594nvdVendor Advisory
www.securitytracker.com/id/1033859nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000