Signature Detail
Short Name |
HTTP:APACHE:ARCHIVA-CSRF |
|---|---|
Severity |
High |
Recommended |
No |
Category |
HTTP |
Keywords |
Apache Archiva Cross Site Request Forgery |
Release Date |
2012/11/15 |
Update Number |
2203 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Apache Archiva Cross Site Request Forgery
This signature detects attempts to exploit a known flaw in Apache Archiva. Apache Archiva is prone to a cross-site request-forgery vulnerability. A successful attack could result in an attacker gaining administrative control over an Archiva-powered website.
Extended Description
Apache Archiva is prone to a cross-site request-forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application. Other attacks are also possible. The following versions are affected: Archiva versions 1.0 through 1.0.3 Archiva versions 1.1 through 1.1.4 Archiva versions 1.2 through 1.2.2 Archiva versions 1.3 through 1.3.1
Affected Products
- Apache Archiva 1.0
- Apache Archiva 1.0.3
- Apache Archiva 1.1
- Apache Archiva 1.1.4
- Apache Archiva 1.2
- Apache Archiva 1.2.2
- Apache Archiva 1.3
- Apache Archiva 1.3.1
- Apache Software Foundation Continuum 1.0.2
- Apache Software Foundation Continuum 1.3.6
- Apache Software Foundation Continuum 1.4.0
- Apache Software Foundation Continuum Data Management 1.2.3.1
References
- BugTraq: 45095
- CVE: CVE-2010-3449