CVE-2025-24859
A session management vulnerability exists in Apache Roller before version 6.1.5 where active user sessions are not properly invalidated after password changes. When a user's password is changed, either by the user themselves or by an administrator, existing sessions remain active and usable. This...
Critical Apache Roller Vulnerability (CVSS 10.0) Enables Unauthorized Session Persistence
A critical security vulnerability has been disclosed in Apache Roller, the open-source, Java-based blogging server, that could allow malicious actors to retain unauthorized access even after a password change. The flaw, assigned the CVE identifier CVE-2025-24859, carries a CVSS score of...
CVE-2025-24859 Apache Roller: Insufficient Session Expiration on Password Change
A session management vulnerability exists in Apache Roller before version 6.1.5 where active user sessions are not properly invalidated after password changes. When a user's password is changed, either by the user themselves or by an administrator, existing sessions remain active and usable. This...
CVE-2025-24859
CVE-2025-24859 affects Apache Roller
Apache Roller Code Issue Vulnerability
Apache Roller is a Java-based multi-user open source blogging system from the Apache Software Foundation (United States). A code issue vulnerability exists in Apache Roller 6.1.4 and earlier versions; it stems from a password change not properly invalidating existing sessions and can be exploited ...
PT-2025-16163 · Apache · Apache Roller
Name of the Vulnerable Software and Affected Versions: Apache Roller versions prior to 6.1.5
Description: A session management vulnerability exists in Apache Roller where active user sessions are not properly invalidated after password changes. When a user's password is changed, either by the use...
Apache Roller Cross-Site Request Forgery Vulnerability (CNVD-2024-47716)
Apache Roller is a Java-based multi-user open source blogging system from the Apache Software Foundation (United States). A cross-site request forgery vulnerability exists in Apache Roller versions prior to 6.1.4, which can be exploited by an attacker to elevate privileges...
CVE-2024-46911
Cross-Site Request Forgery (CSRF) and privilege escalation vulnerability in Apache Roller. On multi-blog/user Roller websites, weblog owners are by default trusted to publish arbitrary weblog content; combined with a deficiency in Roller's CSRF protections, this allowed an escalation of privileges...
CVE-2024-46911 Apache Roller: Weakness in CSRF protection allows privilege escalation
Cross-Site Request Forgery (CSRF) and privilege escalation vulnerability in Apache Roller. On multi-blog/user Roller websites, weblog owners are by default trusted to publish arbitrary weblog content; combined with a deficiency in Roller's CSRF protections, this allowed an escalation of privileges...
CVE-2024-46911
Apache Roller contains a Cross-Site Request Forgery (CSRF) and privilege escalation vulnerability affecting versions prior to 6.1.4. On multi-blog/user Roller websites, weblog owners are trusted to publish content by default, and Roller's CSRF protections are insufficient, enabling privilege esc...
Apache Roller Cross-Site Request Forgery Vulnerability
Apache Roller is a Java-based multi-user open source blogging system from the Apache Software Foundation (United States). A cross-site request forgery vulnerability exists in Apache Roller versions prior to 6.1.4, which can be exploited by an attacker to elevate privileges...
PT-2024-32280 · Apache · Apache Roller
Name of the Vulnerable Software and Affected Versions: Apache Roller versions prior to 6.1.4
Description: A Cross-Site Request Forgery (CSRF) and privilege escalation vulnerability exists in Apache Roller. On multi-blog/user Roller websites, weblog owners are trusted to publish arbitrary weblog...
A vulnerability in the User Profile Handler component of the Apache Roller web blog server allows attackers to carry out XSS attacks.
The vulnerability in the User Profile Handler component of the Apache Roller web blog server exists because web page structures are handled without adequate security controls. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...
Apache Roller Cross-Site Scripting Vulnerability (CNVD-2024-35670)
Apache Roller is a Java-based multi-user open source blogging system from the Apache Software Foundation (United States). Apache Roller suffers from a cross-site scripting vulnerability that can be exploited by an attacker to obtain cookie-based authentication credentials...