Packet Storm | Riyaz Walikar | PACKETSTORM:101748
History: May 27, 2011 - 12:00 a.m.

Apache Archiva 1.3.4 Cross Site Request Forgery

2011-05-27 00:00:00
Riyaz Walikar
packetstormsecurity.com
EPSS: 0.002 (Low), percentile 52.9%

`CVE-2011-1026: Apache Archiva Multiple CSRF vulnerability  
  
Severity: High  
  
Vendor:  
The Apache Software Foundation  
  
Versions Affected:  
Archiva 1.3.0 - 1.3.4  
The unsupported versions Archiva 1.0 - 1.2.2 are also affected.  
  
Description:  
An attacker can build a simple html page containing a hidden Image tag  
(eg: <img src=vulnurl width=0 height=0 />) and entice the administrator  
to access the page.  
  
Mitigation:  
Archiva 1.3.4 and earlier users should upgrade to 1.3.5  
  
Credit:  
This issue was discovered by Riyaz Ahemed Walikar of Microland Ltd., India  
  
References:  
http://archiva.apache.org/security.html  
  
Thanks,  
The Apache Archiva Team  
`
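
As an added example (not part of the advisory and not Archiva's code), this Python request gate shows the two server-side checks that defeat the hidden-image request described above: state-changing actions are refused over GET, and a POST must carry a token bound to the session. The action paths, the `csrf_token` parameter name, `SERVER_KEY` and the sample sessions are hypothetical and constructed for illustration; this does not describe how 1.3.5 implements its fix.

```python
import hashlib
import hmac
import secrets

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}
SERVER_KEY = secrets.token_bytes(32)  # assumption: per-deployment secret
# Hypothetical action paths, constructed for this example (not Archiva's real URLs).
STATE_CHANGING = {"/admin/hypothetical-delete-user", "/admin/hypothetical-add-repo"}


def issue_token(session_id):
    """Token bound to one session; the app embeds it in its own forms."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def allow_request(method, path, session_id, params):
    """Decide whether an authenticated request may run; returns (allowed, reason)."""
    if path not in STATE_CHANGING:
        return True, "read-only action"
    if method.upper() in SAFE_METHODS:
        # An <img src=...> tag can only issue a GET, so the hidden-image
        # request is refused here even though the session cookie is valid.
        return False, "state change requested with a safe method"
    supplied = str(params.get("csrf_token", "")).encode()
    expected = issue_token(session_id).encode()
    if not hmac.compare_digest(supplied, expected):
        # A page on another origin cannot read the victim's token.
        return False, "missing or invalid CSRF token"
    return True, "token verified"


def demo():
    """Run constructed sample requests through the gate."""
    admin = "session-admin-constructed"
    target = "/admin/hypothetical-delete-user"
    return {
        "hidden_image_get": allow_request("GET", target, admin, {"user": "bob"}),
        "forged_post_no_token": allow_request("POST", target, admin, {"user": "bob"}),
        "token_from_other_session": allow_request(
            "POST", target, admin, {"csrf_token": issue_token("session-other")}),
        "legitimate_form_post": allow_request(
            "POST", target, admin, {"csrf_token": issue_token(admin)}),
        "browse_page": allow_request("GET", "/browse", admin, {}),
    }


if __name__ == "__main__":
    for name, (allowed, reason) in demo().items():
        print(f"{name}: {'ALLOW' if allowed else 'DENY'} ({reason})")
```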
