Apache Jackrabbit Cross-Site Request Forgery (CSRF) Vulnerability - Windows CVE-2016-6801

Severity
CVSSv3 Score: 8.8

Vulnerability description

Apache Jackrabbit is prone to a cross-site request forgery vulnerability.

Risk description

The flaw is due to an error in the Content-Type check for POST requests, which does not handle missing Content-Type header fields, nor variations in field values with respect to upper/lower case or optional parameters. Successful exploitation will allow remote attackers to conduct CSRF attacks.
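
The class of check described above, as an added example (not Apache Jackrabbit's code and not from this page): a raw string comparison of the Content-Type header next to a normalising one that covers the missing-header, letter-case and optional-parameter cases. Assumptions: the check exists to route form-submittable POSTs to a Referer allow-list test; the function names, the allow-list design and the host name are hypothetical.

```python
from urllib.parse import urlsplit

# Media types an HTML form can submit (the three standard enctype values).
FORM_TYPES = {"application/x-www-form-urlencoded", "multipart/form-data", "text/plain"}


def naive_needs_origin_check(content_type):
    """Flawed shape: exact, case-sensitive match on the raw header value."""
    return content_type in FORM_TYPES


def strict_needs_origin_check(content_type):
    """Normalise first; a missing or empty header proves nothing about the sender."""
    if content_type is None or not content_type.strip():
        return True
    # Drop optional parameters (charset, boundary) and fold case before comparing.
    media_type = content_type.split(";", 1)[0].strip().lower()
    return media_type in FORM_TYPES


def same_origin(referer, allowed_hosts):
    """Hypothetical origin test: the Referer host must be on an explicit allow-list."""
    if not referer:
        return False
    host = urlsplit(referer).hostname
    return host is not None and host.lower() in allowed_hosts


def accept_post(content_type, referer, allowed_hosts, classify):
    """Accept a POST unless it looks form-submittable and fails the origin test."""
    if classify(content_type):
        return same_origin(referer, allowed_hosts)
    return True


# Constructed header values for the cases named in the risk description.
SAMPLES = [None, "", "TEXT/PLAIN", "text/plain; charset=UTF-8",
           "Multipart/Form-Data; boundary=x", "application/json"]
HOSTS = {"repo.example.internal"}  # constructed host name


def compare(samples=SAMPLES):
    """Return (value, naive_accepts, strict_accepts) for a POST with no Referer."""
    return [(s, accept_post(s, None, HOSTS, naive_needs_origin_check),
             accept_post(s, None, HOSTS, strict_needs_origin_check)) for s in samples]


if __name__ == "__main__":
    for value, naive, strict in compare():
        print(f"{value!r:40} naive_accepts={naive!s:5} strict_accepts={strict}")
```

Every sample except `application/json` is accepted by the naive check and rejected by the normalising one when no trusted Referer is present.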

Recommendation

Upgrade to Apache Jackrabbit 2.4.6, 2.6.6, 2.8.3, 2.10.4, 2.12.4, 2.13.3 or later.

Codename: Not available
Detectable with: Network Scanner
Scan engine: OpenVAS
Exploitable with Sniper: No
CVE Published: Sep 21, 2016
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available