CVE-2010-3449

Redback < 1.2.4 - Cross-Site Request Forgery

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-3449. PoCs published by Anatolia Security.

AI-analyzed exploit summary This is a proof-of-concept for a CSRF vulnerability in Apache Archiva that allows an attacker to change the administrator's credentials by tricking them into visiting a malicious page. The exploit submits a crafted form to the target application without requiring authentication.

Description

Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1; and Apache Continuum 1.3.6, 1.4.0, and 1.1 through 1.2.3.1; allows remote attackers to hijack the authentication of administrators for requests that modify credentials.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Anatolia Security · textwebappsmultiple
https://www.exploit-db.com/exploits/15710

This is a proof-of-concept for a CSRF vulnerability in Apache Archiva that allows an attacker to change the administrator's credentials by tricking them into visiting a malicious page. The exploit submits a crafted form to the target application without requiring authentication.

Classification
Working Poc 100%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Apache Archiva 1.0 to 1.3.1
No auth needed
Prerequisites: Victim must be authenticated as an administrator in Apache Archiva · Victim must visit the malicious page
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (19)

Core 19
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/42376
Various Sources x_refsource_confirm
http://jira.codehaus.org/browse/MRM-1438
Mailing List mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2011/Feb/238
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/45095
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43261
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/516341/100/0/threaded
Various Sources x_refsource_confirm
http://archiva.apache.org/security.html
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0373
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/69520
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/3098
Various Sources x_refsource_confirm
http://continuum.apache.org/security.html
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/514937/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1025066

Scores

EPSS 0.0484
EPSS Percentile 90.9%

Details

CWE
CWE-352
Status published
Products (25)
apache/archiva 1.0
apache/archiva 1.0.1
apache/archiva 1.0.2
apache/archiva 1.0.3
apache/archiva 1.1
apache/archiva 1.1.1
apache/archiva 1.1.2
apache/archiva 1.1.3
apache/archiva 1.1.4
apache/archiva 1.2
... and 15 more
Published Dec 06, 2010
Tracked Since Feb 18, 2026