CVE-2016-4469

HIGH

Apache Archiva < 1.3.9 - Cross-Site Request Forgery via Token Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-4469. PoCs published by Julien Ahrens.

AI-analyzed exploit summary This is a CSRF exploit for Apache Archiva, demonstrating how an attacker can trick an authenticated admin into submitting a malicious form to add a new proxy connector. The PoC includes a crafted HTML form targeting vulnerable endpoints lacking CSRF tokens.

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.3.9 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add new repository proxy connectors via the token parameter to admin/addProxyConnector_commit.action, (2) new repositories via the token parameter to admin/addRepository_commit.action, (3) edit existing repositories via the token parameter to admin/editRepository_commit.action, (4) add legacy artifact paths via the token parameter to admin/addLegacyArtifactPath_commit.action, (5) change the organizational appearance via the token parameter to admin/saveAppearance.action, or (6) upload new artifacts via the token parameter to upload_submit.action.

Exploits (1)

exploitdb WORKING POC

by Julien Ahrens · textwebappsxml

https://www.exploit-db.com/exploits/40109

View Code ZIP pw:eip

This is a CSRF exploit for Apache Archiva, demonstrating how an attacker can trick an authenticated admin into submitting a malicious form to add a new proxy connector. The PoC includes a crafted HTML form targeting vulnerable endpoints lacking CSRF tokens.

Classification

Working Poc 100%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Apache Archiva v1.3.9

Auth required

Prerequisites: Admin user with active session · Victim must visit attacker-controlled page

MITRE ATT&CK