Apache Archiva Cross Site Request Forgery Vulnerability Network Vulnerability

Summary

Apache Archiva is prone to a cross-site request-forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application. Other attacks are also possible. The following versions are affected: Archiva versions 1.0 through 1.0.3 Archiva versions 1.1 through 1.1.4 Archiva versions 1.2 through 1.2.2 Archiva versions 1.3 through 1.3.1

Solution

Updates are available. Please see the reference for more details.

References

http://archiva.apache.org/docs/1.3.2/release-notes.html
http://archiva.apache.org/download.html
http://jira.codehaus.org/browse/MRM-1438
https://www.securityfocus.com/bid/45095

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-3449, CVE-2010-4408

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Adobe ColdFusion Multiple Path Disclosure Vulnerabilities
AeroMail Cross Site Request Forgery, HTML Injection and Cross Site Scripting Vulnerabilities
Adobe ColdFusion HTTP Response Splitting Vulnerability
Adiscon LogAnalyzer 'highlight' Parameter Cross Site Scripting Vulnerability
7Media Web Solutions EduTrac Directory Traversal Vulnerability

Take action and discover your vulnerabilities