CSRF Token Leakage in Red Hat JBoss BPM Suite 6.3.2

CSRF Token Leakage in Red Hat JBoss BPM Suite 6.3.2

CVE-2016-7034 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

The dashbuilder in Red Hat JBoss BPM Suite 6.3.2 does not properly handle CSRF tokens generated during an active session and includes them in query strings, which makes easier for remote attackers to (1) bypass CSRF protection mechanisms or (2) conduct cross-site request forgery (CSRF) attacks by obtaining an old token.

Learn more about our Web Application Penetration Testing UK.