Cross-Site Request Forgery Vulnerability in Apache Roller by Apache
CVE-2012-2380

Currently unrated

Key Information:

Vendor: Apache
Status: Roller
Vendor: CVE Published:; 26 June 2012

Summary

Apache Roller is affected by multiple security weaknesses that permit cross-site request forgery (CSRF) attacks against the admin and editor consoles. These vulnerabilities allow malicious actors to exploit the HTTP POST functionality, leading to the potential hijacking of authenticated sessions for administrators or editors. This compromise of user authentication can have significant ramifications on the integrity of the application and the safety of its users.

References

http://archives.neohapsis.com/archives/fulldisclosure/201...

mailing-listx_refsource_FULLDISC

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Jun 26, 2012