Cross-Site Request Forgery Vulnerability in Apache Jackrabbit
CVE-2016-6801
8.8 HIGH
What is CVE-2016-6801?
A CSRF vulnerability exists within the content-type check of Apache Jackrabbit's WebDAV feature. This flaw allows remote attackers to hijack user authentication for specific requests that create resources. Exploitation requires the submission of an HTTP POST request that either lacks a valid Content-Type header or contains a maliciously crafted one, potentially leading to unauthorized actions on behalf of victims.

CVSS V3.1
Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
- Public PoC available
- Exploit known to exist
- Vulnerability published
- Vulnerability reserved