{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-09-06T00:00:00", "descriptions": [{"lang": "en", "value": "The dashbuilder in Red Hat JBoss BPM Suite 6.3.2 does not properly handle CSRF tokens generated during an active session and includes them in query strings, which makes easier for remote attackers to (1) bypass CSRF protection mechanisms or (2) conduct cross-site request forgery (CSRF) attacks by obtaining an old token."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-02-14T10:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "RHSA-2017:0557", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0557.html"}, {"name": "RHSA-2018:0296", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:0296"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1373347"}, {"name": "92760", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/92760"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T01:50:46.810Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2017:0557", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0557.html"}, {"name": "RHSA-2018:0296", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:0296"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1373347"}, {"name": "92760", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/92760"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2016-7034", "datePublished": "2016-09-07T18:00:00", "dateReserved": "2016-08-23T00:00:00", "dateUpdated": "2024-08-06T01:50:46.810Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:jboss_bpm_suite:6.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "C9A7241B-51EC-46A1-9F18-2006D2A0E65A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The dashbuilder in Red Hat JBoss BPM Suite 6.3.2 does not properly handle CSRF tokens generated during an active session and includes them in query strings, which makes easier for remote attackers to (1) bypass CSRF protection mechanisms or (2) conduct cross-site request forgery (CSRF) attacks by obtaining an old token."}, {"lang": "es", "value": "El dashbuilder en Red Hat JBoss BPM Suite 6.3.2 no maneja adecuadamente tokens CSRF generados durante una sesi\u00f3n activa y los incluye en cadenas query, lo que facilita a atacantes remotos (1) eludir mecanismos de protecci\u00f3n CSRF o (2) llevar a cabo ataques CSRF mediante la obteci\u00f3n de un token antiguo."}], "id": "CVE-2016-7034", "lastModified": "2018-02-15T02:29:00.513", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-09-07T18:59:07.750", "references": [{"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2017-0557.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/92760"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2018:0296"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1373347"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "This issue was discovered by Jeremy Choi (Red Hat Product Security Team).", "affected_release": [{"advisory": "RHSA-2017:0557", "cpe": "cpe:/a:redhat:jboss_bpms:6.4", "product_name": "Red Hat JBoss BPMS 6.4", "release_date": "2017-03-16T00:00:00Z"}, {"advisory": "RHSA-2018:0296", "cpe": "cpe:/a:redhat:jboss_data_virtualization:6.4", "package": "dashbuilder", "product_name": "Red Hat JBoss Data Virtualization 6.4", "release_date": "2018-02-13T00:00:00Z"}], "bugzilla": {"description": "Dashbuilder: insecure handling of CSRF token", "id": "1373347", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1373347"}, "csaw": false, "cvss": {"cvss_base_score": "4.0", "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "status": "verified"}, "cvss3": {"cvss3_base_score": "4.2", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", "status": "verified"}, "cwe": "CWE-352", "details": ["The dashbuilder in Red Hat JBoss BPM Suite 6.3.2 does not properly handle CSRF tokens generated during an active session and includes them in query strings, which makes easier for remote attackers to (1) bypass CSRF protection mechanisms or (2) conduct cross-site request forgery (CSRF) attacks by obtaining an old token.", "It has been reported that CSRF tokens are not properly handled in JBoss BPM suite dashbuilder. Old tokens generated during an active session can be used to bypass CSRF protection. In addition, the tokens are sent in query string so they can be exposed through the browser's history, referrers, web logs, and other sources. Attackers may be able to obtain old tokens from various sources in the network and perform CSRF attacks successfully."], "name": "CVE-2016-7034", "package_state": [{"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:6", "fix_state": "Affected", "package_name": "dashbuilder", "product_name": "Red Hat BPM Suite 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:6", "fix_state": "Not affected", "package_name": "dashbuilder", "product_name": "Red Hat JBoss BRMS 6"}], "public_date": "2016-09-06T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-7034\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7034"], "threat_severity": "Moderate"}