### [CVE-2011-3609](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3609)
![](https://img.shields.io/static/v1?label=Product&message=JBoss%20Application%20Server&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%207%20before%207.1.0%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Cross-Site%20Request%20Forgery%20&color=brighgreen)

### Description

A CSRF issue was found in JBoss Application Server 7 before 7.1.0. JBoss did not properly restrict access to the management console information (for example via the "Access-Control-Allow-Origin" HTTP access control flag). This can lead to unauthorized information leak if a user with admin privileges visits a specially-crafted web page provided by a remote attacker.

### POC

#### Reference
- https://bugzilla.redhat.com/show_bug.cgi?id=743006
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3609

#### Github
- https://github.com/Live-Hack-CVE/CVE-2011-3609