CVE-2012-2380
Apache Roller < 5.0.1 - Cross-Site Request Forgery via Admin/Editor Console
Title source: llmDescription
Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
References (1)
Core 1
Core References
Third Party Advisory mailing-list
x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2012-06/0376.html
Scores
EPSS
0.0159
EPSS Percentile
72.8%
Details
CWE
CWE-352
Status
published
Products (29)
apache/roller
0.9.5
apache/roller
0.9.6
apache/roller
0.9.6.3
apache/roller
0.9.6.4
apache/roller
0.9.7
apache/roller
0.9.7.1
apache/roller
0.9.7.2
apache/roller
0.9.8
apache/roller
0.9.8.1
apache/roller
0.9.8.2
... and 19 more
Published
Jun 26, 2012
Tracked Since
Feb 18, 2026