Amq
CVE-2015-5183
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionCVE.org
Console: HTTPOnly and Secure attributes not set on cookies in Red Hat AMQ.
AnalysisAI
Console: HTTPOnly and Secure attributes not set on cookies in Red Hat AMQ. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
Console: HTTPOnly and Secure attributes not set on cookies in Red Hat AMQ. Affected products include: Redhat Amq, Redhat Jboss A-Mq, Redhat Jboss Enterprise Web Server.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Cross-site request forgery (CSRF) vulnerability in the jolokia API in A-MQ. Rated high severity (CVSS 8.8), this vulnera
Console: CORS headers set to allow all in Red Hat AMQ. Rated high severity (CVSS 7.5), this vulnerability is remotely ex
A flaw was found in WildFly, where an attacker can see deployment names, endpoints, and any other data the trace payload
A vulnerability was found in Wildfly's Enterprise Java Beans (EJB) versions shipped with Red Hat JBoss EAP 7, where Sess
A flaw was discovered in Wildfly's EJB Client as shipped with Red Hat JBoss EAP 7, where some specific EJB transaction o
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today