Published: 12th August 2016

OVERVIEW

WSO2 products are vulnerable to possible server shutdown through a Cross Site Request Forgery (CSRF) attack.

...

If you have any questions, post them to security@wso2.com. 


| Code | Product | Version | Patch |
|------|---------|---------|-------|
| AS | WSO2 Application Server | 5.3.0 | WSO2-CARBON-PATCH-4.4.0-0218 |
| BPS | WSO2 Business Process Server | 3.5.1 | WSO2-CARBON-PATCH-4.4.0-0215 |
| BRS | WSO2 Business Rules Server | 2.2.0 | WSO2-CARBON-PATCH-4.4.0-0214 |
| CEP | WSO2 Complex Event Processor | 4.1.0 | WSO2-CARBON-PATCH-4.4.0-0214 |
| DAS | WSO2 Data Analytics Server | 3.0.1 | WSO2-CARBON-PATCH-4.4.0-0214 |
| DS | WSO2 Dashboard Server | 2.0.0 | WSO2-CARBON-PATCH-4.4.0-0214 |
| DSS | WSO2 Data Services Server | 3.5.0 | WSO2-CARBON-PATCH-4.4.0-0213 |
| EMM | WSO2 Enterprise Mobility Manager | 2.0.1 | WSO2-CARBON-PATCH-4.4.0-0214 |
| ES | WSO2 Enterprise Store | 2.0.0 | WSO2-CARBON-PATCH-4.4.0-0218 |
| ESB | WSO2 Enterprise Service Bus | 4.9.0 | WSO2-CARBON-PATCH-4.4.0-0218 |
| IS | WSO2 Identity Server | 5.1.0 | WSO2-CARBON-PATCH-4.4.0-0214 |
| MB | WSO2 Message Broker | 3.1.0 | WSO2-CARBON-PATCH-4.4.0-0214 |
| ML | WSO2 Machine Learner | 1.1.0 | WSO2-CARBON-PATCH-4.4.0-0214 |



NOTES

If you are using newer versions of the products than the ones mentioned in the “SOLUTION” section, this vulnerability is fixed. 


CREDITS

WSO2 thanks John Page, aka hyp3rlinx, for responsibly reporting the identified issues and working with us as we addressed them.