Summary
This host is running Apache Archiva and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow remote attackers to inject arbitrary HTML code, steal cookie-based authentication credentials, redirect users to arbitrary URLs, disclose or modify sensitive data, and conduct phishing attacks.
Impact Level: Application
Solution
Upgrade to Apache Archiva version 1.3.5 or later.
For updates, refer to http://archiva.apache.org/
Insight
Multiple flaws are due to insufficient input validation in the input fields throughout the application. Successful exploitation could allow an attacker to compromise the application.
Affected
Apache Archiva version 1.3.4 and prior.
Severity
Classification
CVE: CVE-2011-1026, CVE-2011-1077
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P