Veracode Vulnerability DatabaseVERACODE:13515Cross-Site Request Forgery (CSRF)
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
Apache Geronimo application server is vulnerable to cross-site request forgery. Attackers can exploit the vulnerability to obtain sensitive information, upload arbitrary files, execute arbitrary script code, steal cookie-based authentication credentials, or perform certain administrative actions.
| CPE | Name | Operator | Version |
|---|---|---|---|
| geronimo framework, modules :: security | le | 2.1.3 | |
| geronimo framework, modules :: kernel | le | 2.1.3 |
References
dsecrg.com/pages/vul/show.php?id=120
geronimo.apache.org/21x-security-report.html#2.1.xSecurityReport-214
issues.apache.org/jira/browse/GERONIMO-4597
secunia.com/advisories/34715
www.securityfocus.com/archive/1/502735/100/0/threaded
www.securityfocus.com/bid/34562
www.vupen.com/english/advisories/2009/1089
issues.apache.org/jira/browse/GERONIMO-4597
Related
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P