Summary
This host is running Apache Archiva and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow remote attackers to inject arbitrary HTML code, steal cookie-based authentication credentials, redirect users to arbitrary URLs, disclose or modify sensitive data, and conduct phishing attacks.
Impact Level: Application
Solution
Upgrade to Apache Archiva version 1.3.5 or later.
For updates, refer to http://archiva.apache.org/
Insight
The flaws are caused by insufficient validation of input fields throughout the application. Successful exploitation could allow an attacker to compromise the application.
Affected
Apache Archiva version 1.3.4 and prior.
References
Severity
Classification
- CVE: CVE-2011-1026, CVE-2011-1077
- CVSS Base Score: 6.8
- CVSS Base Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Apache Tomcat source.jsp malformed request information disclosure
- Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
- appRain CMF 'uploadify.php' Remote Arbitrary File Upload Vulnerability
- Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
- Afian 'includer.php' Directory Traversal Vulnerability