CVE-2017-5657 in Archivainfo

Summary

Several REST service endpoints of Apache Archiva are not protected against Cross Site Request Forgery (CSRF) attacks. A malicious site opened in the same browser as the archiva site, may send an HTML response that performs arbitrary actions on archiva services, with the same rights as the active archiva session (e.g. administrator rights).

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Reservation

01/29/2017

Disclosure

05/22/2017

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
101524	Apache Archiva REST Endpoint cross-site request forgery	352	Not defined	Official fix	CVE-2017-5657

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

MITRE
NVD
CVE Details

◂ PreviousOverviewNext ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!