Vulnerability Managment Blog

Tagged: apache archiva Toggle Comment Threads | Keyboard Shortcuts

• 

  vulnerability management 12:37 pm on December 4, 2010 Permalink | Reply
  Tags: apache archiva, credentials, critical watch ( 900 ), security ( 505 ), security advisories ( 695 ), vulnerability ( 725 ), vulnerability management ( 512 )   

  Apache Archiva: CSRF Vulnerability 

  Users of Apache Archiva please be advised of a CSRF vulnerability that has been identified.
  To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

  Amplify’d from http://www.criticalwatch.com

  CVE-2010-3449: Apache Archiva CSRF Vulnerability

  Description: Apache Archiva doesn’t check which form sends credentials. An attacker can create a specially crafted page and force archiva administrators to view it and change their credentials. To fix this, a referrer check was added to the security interceptor for all secured actions. A prompt for the administrator’s password when changing a user account was also set in place. Read more at http://www.criticalwatch.com

   

  See this Amp at http://bit.ly/gcg0s3
   

  Reply Cancel reply

  Required fields are marked *

  Name *

  Email *

  Website

  Notify me of new comments via email.

  Notify me of new posts via email.

  Δ