cpe:/a:hawt:hawtio:1.2.2 cpe:/a:redhat:jboss_fuse:6.1.0:beta CVE-2014-0120 2017-12-29T17:29:00.270-05:00 2018-01-11T08:46:41.953-05:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2018-01-10T16:50:38.250-05:00 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1072681 CONFIRM https://github.com/hawtio/hawtio/commit/b4e23e002639c274a2f687ada980118512f06113 MISC https://infocon.org/cons/SyScan/SyScan%202015%20Singapore/SyScan%202015%20Singapore%20presentations/SyScan15%20David%20Jorm%20-%20Finding%20and%20exploiting%20novel%20flaws%20in%20Java%20software.pdf Cross-site request forgery (CSRF) vulnerability in the admin terminal in Hawt.io allows remote attackers to hijack the authentication of arbitrary users for requests that run commands on the Karaf server, as demonstrated by running "shutdown -f."