Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2015-5304

Red Hat JBoss Enterprise Application Platform (EAP) before 6.4.5 does not properly authorize access to shut down the server, which allows remote authenticated users with the Monitor, Deployer, or Auditor role to cause a denial of service via unspecified vectors.

Published

2015-12-16T21:59:00.127

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 3.5 (LOW)

CVSSv2 Vector

AV:N/AC:M/Au:S/C:N/I:N/A:P

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: SINGLE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: PARTIAL
Exploitability Score

6.8

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-264
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application redhat jboss_enterprise_application_platform ≤ 6.4.4 Yes
References