Description
Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1; and Apache Continuum 1.3.6, 1.4.0, and 1.1 through 1.2.3.1; allows remote attackers to hijack the authentication of administrators for requests that modify credentials.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Anatolia Security · textwebappsmultiple
https://www.exploit-db.com/exploits/15710
References (19)
Core 19
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/42376
Various Sources x_refsource_confirm
http://jira.codehaus.org/browse/MRM-1438
Mailing List mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2011/Feb/238
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/45095
Patch x_refsource_confirm
http://svn.apache.org/viewvc?view=revision&revision=1066010
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/43261
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/516341/100/0/threaded
Patch x_refsource_confirm
http://svn.apache.org/viewvc/archiva/branches/archiva-1.3.x/pom.xml?r1=1038518&r2=1038517&pathrev=1038518
Various Sources x_refsource_confirm
http://archiva.apache.org/security.html
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0373
Patch x_refsource_confirm
http://svn.apache.org/viewvc?view=revision&revision=1038518
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/69520
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2010/3098
Various Sources mailing-list
x_refsource_mlist
http://mail-archives.apache.org/mod_mbox/archiva-users/201011.mbox/ajax/%3CAANLkTimXejHAuXdoUKLN=GkNty1_XnRCbv0YA0T2cS_2%40mail.gmail.com%3E
Various Sources mailing-list
x_refsource_mlist
http://mail-archives.apache.org/mod_mbox/continuum-users/201102.mbox/%3C032C189E-D821-4833-A8F2-F72365147695%40apache.org%3E
Various Sources x_refsource_confirm
http://continuum.apache.org/security.html
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/514937/100/0/threaded
Patch x_refsource_confirm
http://svn.apache.org/viewvc/archiva/branches/archiva-1.3.x/archiva-modules/archiva-web/archiva-webapp/src/main/resources/struts.xml?r1=1038518&r2=1038517&pathrev=1038518
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1025066
Scores
EPSS
0.0324
EPSS Percentile
87.2%
Details
CWE
CWE-352
Status
published
Products (25)
apache/archiva
1.0
apache/archiva
1.0.1
apache/archiva
1.0.2
apache/archiva
1.0.3
apache/archiva
1.1
apache/archiva
1.1.1
apache/archiva
1.1.2
apache/archiva
1.1.3
apache/archiva
1.1.4
apache/archiva
1.2
... and 15 more
Published
Dec 06, 2010
Tracked Since
Feb 18, 2026