WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2016-6801 Vulnerability in maven package org.apache.jackrabbit:jackrabbit-webdav

Description

Cross-site request forgery (CSRF) vulnerability in the CSRF content-type check in Jackrabbit-Webdav in Apache Jackrabbit 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.3, 2.10.x before 2.10.4, 2.12.x before 2.12.4, and 2.13.x before 2.13.3 allows remote attackers to hijack the authentication of unspecified victims for requests that create a resource via an HTTP POST request with a (1) missing or (2) crafted Content-Type header.

Remediation

References

http://www.openwall.com/lists/oss-security/2016/09/14/6

https://issues.apache.org/jira/browse/JCR-4009

http://www.debian.org/security/2016/dsa-3679

http://www.securityfocus.com/bid/92966

Related Vulnerabilities

CVE-2020-10800 Vulnerability in npm package lix

CVE-2016-8739 Vulnerability in maven package org.apache.cxf:cxf-rt-rs-extension-providers

CVE-2019-1003063 Vulnerability in maven package org.jenkins-ci.plugins:snsnotify

CVE-2021-41184 Vulnerability in maven package org.webjars.npm:jquery-ui

CVE-2016-10692 Vulnerability in npm package haxeshim

Severity

Critical

Classification

CWE-352 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Third Party Advisory Vendor Advisory VDB Entry