The Management Console in Red Hat Enterprise Application Platform prior to 6.4.4 and WildFly (formerly JBoss Application Server) does not send an X-Frame-Options HTTP header, which makes it easier for remote malicious users to conduct clickjacking attacks via a crafted web page that contains a (1) FRAME or (2) IFRAME element.
Vulnerable Product |
---|
redhat jboss wildfly application server |
redhat jboss enterprise application platform |
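
A way to check for the condition described above is to audit a response's headers for anti-framing protection. The following is an added example, not code from Red Hat, WildFly or this advisory; the function names and sample responses are constructed for illustration. It goes beyond the advisory by also accepting a Content-Security-Policy `frame-ancestors` directive, which browsers enforce in place of X-Frame-Options when both are present.

```python
# Added example. Sample responses are constructed, not captured from a real server.

def parse_headers(raw):
    """Parse a raw HTTP response head into {lowercased name: [values]}."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:  # skip the status line
        if not line.strip():
            break  # blank line ends the header block
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def framing_protection(raw):
    """Return (protected, reason) for one response head."""
    headers = parse_headers(raw)
    # An enforced CSP frame-ancestors directive supersedes X-Frame-Options.
    ancestors = []
    for policy in headers.get("content-security-policy", []):
        for directive in policy.split(";"):
            parts = directive.split()
            if parts and parts[0].lower() == "frame-ancestors":
                ancestors.append([p.lower() for p in parts[1:]])
    if ancestors:
        broad = {"*", "http:", "https:"}
        if any(src and not broad & set(src) for src in ancestors):
            return True, "CSP frame-ancestors restricts framing"
        return False, "CSP frame-ancestors does not restrict framing"
    # Conservative audit rule: accept exactly one value, DENY or SAMEORIGIN.
    values = {v.strip().lower() for h in headers.get("x-frame-options", [])
              for v in h.split(",") if v.strip()}
    if not values:
        return False, "no X-Frame-Options or frame-ancestors"
    if len(values) == 1 and values <= {"deny", "sameorigin"}:
        return True, "X-Frame-Options: " + values.pop().upper()
    return False, "unusable X-Frame-Options: " + ", ".join(sorted(values))

# Constructed samples: no header, valid header, obsolete ALLOW-FROM form.
MISSING = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
PRESENT = "HTTP/1.1 200 OK\r\nX-Frame-Options: SAMEORIGIN\r\n\r\n"
OBSOLETE = "HTTP/1.1 200 OK\r\nX-Frame-Options: ALLOW-FROM https://a.example\r\n\r\n"

if __name__ == "__main__":
    for name, raw in (("missing", MISSING), ("present", PRESENT), ("obsolete", OBSOLETE)):
        print(name, framing_protection(raw))
```

Feed it the response head returned by the console's login page; a result of `False` with the reason "no X-Frame-Options or frame-ancestors" matches the behaviour this advisory describes.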