Apache Continuum Cross Site Scripting Vulnerability Network Vulnerability

Summary

Apache Continuum is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks. Apache Continuum 1.3.6 and 1.4.0 (Beta) are vulnerable other versions may also be affected.

Solution

The vendor has released updates. Please see the references for details.

References

http://continuum.apache.org/
http://continuum.apache.org/security.html
http://svn.apache.org/viewvc?view=revision&revision=1066056
https://www.securityfocus.com/bid/46311

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-0533

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

11in1 Cross Site Request Forgery and Local File Include Vulnerabilities
1024 CMS 1.1.0 Beta 'force_download.php' Local File Include Vulnerability
/doc directory browsable ?
Allegro RomPager HTTP Referer Header Cross Site Scripting Vulnerability
Apache ActiveMQ 'Cron Jobs' Cross Site Scripting Vulnerability

Take action and discover your vulnerabilities