Cross-Site Request Forgery Vulnerabilities in Apache Archiva by Apache
CVE-2011-1026

Currently unrated

Key Information:

Vendor: Apache
Status: Archiva
Vendor: CVE Published:; 2 June 2011

What is CVE-2011-1026?

Multiple cross-site request forgery vulnerabilities exist in Apache Archiva versions 1.0 through 1.2.2, and 1.3.x prior to version 1.3.5. These flaws could allow remote attackers to hijack the authentication of administrators, potentially leading to unauthorized actions within the application.

References

http://securityreason.com/securityalert/8266

third-party-advisoryx_refsource_SREASON

http://www.securityfocus.com/archive/1/518168/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://secunia.com/advisories/44693

third-party-advisoryx_refsource_SECUNIA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 2, 2011
Vulnerability Reserved
Feb 14, 2011