Lucene search
K

92 matches found

Cvelist
Cvelist
added 2020/01/28 4:51 p.m.36 views

CVE-2020-1940

The optional initial password change and password expiration features present in Apache Jackrabbit Oak 1.2.0 to 1.22.0 are prone to a sensitive information disclosure vulnerability. The code mandates the changed password to be passed as an additional attribute to the credentials object but does n...

7.6AI score0.04511EPSS
Exploits0References12
CVE
CVE
added 2020/01/28 4:51 p.m.99 views

CVE-2020-1940

The CVE-2020-1940 vulnerability affects Apache Jackrabbit Oak, specifically version range 1.2.0 to 1.22.0. The issue arises from the optional initial password change and password expiration flow: the changed password is added to the credentials object but not removed during the first authenticati...

7.5CVSS7.5AI score0.04511EPSS
Exploits0References12Affected Software1
OpenVAS
OpenVAS
added 2016/10/06 12:0 a.m.14 views

Apache Jackrabbit Detection (HTTP)

HTTP based detection of Apache Jackrabbit. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.807896...

7AI score
Exploits0References1
OpenVAS
OpenVAS
added 2016/10/06 12:0 a.m.18 views

Apache Jackrabbit CSRF Vulnerability (Sep 2016) - Linux

Apache Jackrabbit is prone to a cross-site request forgery CSRF vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

8.8CVSS8.7AI score0.02293EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2016/10/06 12:0 a.m.20 views

Apache Jackrabbit CSRF Vulnerability (Sep 2016) - Windows

Apache Jackrabbit is prone to a cross-site request forgery CSRF vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

8.8CVSS8.7AI score0.02293EPSS
Exploits0References3
OSV
OSV
added 2016/09/27 12:0 a.m.11 views

DSA-3679-1 jackrabbit - security update

Bulletin has no description...

8.8CVSS8.7AI score0.02293EPSS
Exploits0
NVD
NVD
added 2016/09/21 2:25 p.m.24 views

CVE-2016-6801

Cross-site request forgery CSRF vulnerability in the CSRF content-type check in Jackrabbit-Webdav in Apache Jackrabbit 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.3, 2.10.x before 2.10.4, 2.12.x before 2.12.4, and 2.13.x before 2.13.3 allows remote attackers to hijack the...

8.8CVSS9AI score0.02293EPSS
Exploits0References4
OSV
OSV
added 2016/09/21 2:25 p.m.7 views

CVE-2016-6801

Cross-site request forgery CSRF vulnerability in the CSRF content-type check in Jackrabbit-Webdav in Apache Jackrabbit 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.3, 2.10.x before 2.10.4, 2.12.x before 2.12.4, and 2.13.x before 2.13.3 allows remote attackers to hijack the...

8.8CVSS9AI score0.02293EPSS
Exploits0References4
Prion
Prion
added 2016/09/21 2:25 p.m.16 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in the CSRF content-type check in Jackrabbit-Webdav in Apache Jackrabbit 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.3, 2.10.x before 2.10.4, 2.12.x before 2.12.4, and 2.13.x before 2.13.3 allows remote attackers to hijack the...

6.8CVSS7.5AI score0.02293EPSS
Exploits0References4Affected Software2
OSV
OSV
added 2016/09/21 2:25 p.m.7 views

UBUNTU-CVE-2016-6801

Cross-site request forgery CSRF vulnerability in the CSRF content-type check in Jackrabbit-Webdav in Apache Jackrabbit 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.3, 2.10.x before 2.10.4, 2.12.x before 2.12.4, and 2.13.x before 2.13.3 allows remote attackers to hijack the...

8.8CVSS7.4AI score0.02293EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2016/09/21 2:25 p.m.25 views

CVE-2016-6801

Cross-site request forgery CSRF vulnerability in the CSRF content-type check in Jackrabbit-Webdav in Apache Jackrabbit 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.3, 2.10.x before 2.10.4, 2.12.x before 2.12.4, and 2.13.x before 2.13.3 allows remote attackers to hijack the...

8.8CVSS7.3AI score0.02293EPSS
Exploits0References4
CVE
CVE
added 2016/09/21 2:0 p.m.77 views

CVE-2016-6801

CVE-2016-6801 : Apache Jackrabbit’s CSRF in Webdav is due to improper CSRF content-type checks. Affected are Jackrabbit-Webdav in Apache Jackrabbit 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.3, 2.10.x before 2.10.4, 2.12.x before 2.12.4, and 2.13.x before 2.13.3. The vulnerability a...

8.8CVSS8.8AI score0.02293EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2016/09/21 2:0 p.m.32 views

CVE-2016-6801

Cross-site request forgery CSRF vulnerability in the CSRF content-type check in Jackrabbit-Webdav in Apache Jackrabbit 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.3, 2.10.x before 2.10.4, 2.12.x before 2.12.4, and 2.13.x before 2.13.3 allows remote attackers to hijack the...

8.9AI score0.02293EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2016/09/21 2:0 p.m.40 views

CVE-2016-6801

Cross-site request forgery CSRF vulnerability in the CSRF content-type check in Jackrabbit-Webdav in Apache Jackrabbit 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.3, 2.10.x before 2.10.4, 2.12.x before 2.12.4, and 2.13.x before 2.13.3 allows remote attackers to hijack the...

8.8CVSS9AI score0.02293EPSS
Exploits0
CNVD
CNVD
added 2016/09/21 12:0 a.m.4 views

Apache Jackrabbit Cross-Site Request Forgery Vulnerability

Apache Jackrabbit is the United States Apache Apache Software Foundation, a full compliance with the Java API version of the content storage specification JCR implementation. A cross-site request forgery vulnerability exists in Apache Jackrabbit that stems from the program failing to properly...

8.8CVSS7AI score0.02293EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2016/09/19 12:0 a.m.26 views

Debian DLA-629-1 : jackrabbit security update

Lukas Reschke discovered that Apache Jackrabbit, a content repository implementation for Java, was vulnerable to Cross-Site-Request-Forgery in Jackrabbit's webdav module. The CSRF content-type check for POST requests did not handle missing Content-Type header fields, nor variations in field value...

8.8CVSS7.8AI score0.02293EPSS
Exploits0References3
Debian
Debian
added 2016/09/18 4:51 p.m.27 views

[SECURITY] [DLA 629-1] jackrabbit security update

Package : jackrabbit Version : 2.3.6-1+deb7u2 CVE ID : CVE-2016-6801 Debian Bug : 838204 Lukas Reschke discovered that Apache Jackrabbit, a content repository implementation for Java, was vulnerable to Cross-Site-Request-Forgery in Jackrabbits webdav module. The CSRF content-type check for POST...

8.8CVSS9AI score0.02293EPSS
Exploits0
OSV
OSV
added 2016/09/18 12:0 a.m.19 views

DLA-629-1 jackrabbit - security update

Bulletin has no description...

8.8CVSS8.6AI score0.02293EPSS
Exploits0
Mageia
Mageia
added 2015/06/08 9:17 p.m.35 views

Updated jackrabbit packages fix CVE-2015-1833

Updated jackrabbit packages fix security vulnerability: In Apache Jackrabbit before 2.4.6, When processing a WebDAV request body containing XML, the XML parser can be instructed to read content from network resources accessible to the host, identified by URI schemes such as "https" or "file"...

6.4CVSS6.2AI score0.51488EPSS
Exploits6References3
securityvulns
securityvulns
added 2015/06/08 12:0 a.m.96 views

CVE-2015-1833 (Jackrabbit WebDAV XXE vulnerability)

Dear readers, we just fixed a recently reported vulnerability in Apache Jackrabbit's WebDAV module; see - the attached CVE report - patches for all currently maintained Jackrabbit branches We just released Jackrabbit 2.10.1 see below and we'll get to the other branches shortly. Check the CVE for...

6.4CVSS0.1AI score0.51488EPSS
Exploits6
Rows per page
Query Builder