CVE-2012-2380

Apache Roller < 5.0.1 - Cross-Site Request Forgery via Admin/Editor Console

Title source: llm
STIX 2.1

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.

References (1)

Core 1
Core References
Third Party Advisory mailing-list x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2012-06/0376.html

Scores

EPSS 0.0159
EPSS Percentile 72.8%

Details

CWE
CWE-352
Status published
Products (29)
apache/roller 0.9.5
apache/roller 0.9.6
apache/roller 0.9.6.3
apache/roller 0.9.6.4
apache/roller 0.9.7
apache/roller 0.9.7.1
apache/roller 0.9.7.2
apache/roller 0.9.8
apache/roller 0.9.8.1
apache/roller 0.9.8.2
... and 19 more
Published Jun 26, 2012
Tracked Since Feb 18, 2026