High severity8.8NVD Advisory· Published Feb 17, 2017· Updated Jun 17, 2026
CVE-2016-4311
CVE-2016-4311
Description
Cross-site request forgery (CSRF) vulnerability in the XACML flow feature in WSO2 Identity Server 5.1.0 allows remote attackers to hijack the authentication of privileged users for requests that process XACML requests via an entitlement/eval-policy-submit.jsp request.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Patches
Vulnerability mechanics
References
6- docs.wso2.com/display/Security/Security+Advisory+WSO2-2016-0096nvdPatchVendor Advisory
- hyp3rlinx.altervista.org/advisories/WSO2-IDENTITY-SERVER-v5.1.0-XML-External-Entity.txtnvdExploitThird Party Advisory
- packetstormsecurity.com/files/138329/WSO2-Identity-Server-5.1.0-XML-Injection.htmlnvdExploitThird Party AdvisoryVDB Entry
- www.exploit-db.com/exploits/40239/nvdExploitThird Party AdvisoryVDB Entry
- www.securityfocus.com/bid/92485nvdThird Party AdvisoryVDB Entry
- www.securityfocus.com/archive/1/539199/100/0/threadednvd
News mentions
0No linked articles in our index yet.