CVE-2017-5657 in Archiva
Resumen (Inglés)
Several REST service endpoints of Apache Archiva are not protected against Cross Site Request Forgery (CSRF) attacks. A malicious site opened in the same browser as the archiva site, may send an HTML response that performs arbitrary actions on archiva services, with the same rights as the active archiva session (e.g. administrator rights).
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Reservar
2017-01-29
Divulgación
2017-05-22
Estado
Confirmado
Voces
VulDB provides additional information and datapoints for this CVE:
| ID | Vulnerabilidad | CWE | Exp | Con | CVE |
|---|---|---|---|---|---|
| 101524 | Apache Archiva REST falsificación de solicitudes en sitios cruzados | 352 | No está definido | Arreglo oficial | CVE-2017-5657 |
Descripción
CPE
CWE
CVSS
Hazañas
Historia
Diferencia
Relacionar
Inteligencia de amenazas
API JSON
API XML
API CSV