Red Hat Security Advisory 2014-0025-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation enterprises need to address the challenges of managing virtual environments, which are far more complex than physical ones. This technology enables enterprises with existing virtual infrastructures to improve visibility and control, and those just starting virtualization deployments to build and operate a well-managed virtual infrastructure. It was found that sending a GET request for a destructive action could bypass the Ruby on Rails protect_from_forgery mechanism. A remote attacker could use this flaw to perform Cross-Site Request Forgery attacks against CloudForms applications.
0c9647d81c1ee7bbaf26f495a51c3ebef52784b03464346781b0b5a7efff0c98
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed