
Apache Archiva CSRF Vulnerability CVE-2017-5657

Severity
CVSSv3 Score: 8
Vulnerability description

Apache Archiva is prone to CSRF vulnerabilities for various REST endpoints.

Risk description

Several REST service endpoints of Apache Archiva are not protected against CSRF attacks. A malicious site opened in the same browser as the Archiva site may send an HTML response that performs arbitrary actions on Archiva services with the same rights as the active Archiva session (e.g. administrator rights).

Recommendation

Upgrade to version 2.2.3 or later.

Codename: Not available
Detectable with: Network Scanner
Scan engine: OpenVAS
Exploitable with Sniper: No
CVE Published: May 22, 2017
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available