lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Date: Wed, 16 Feb 2011 23:30:45 +1100
From: Brett Porter <brett@...che.org>
To: users@...hiva.apache.org
Cc: announce@...che.org,
	Apache Security Response Team <security@...che.org>,
	dev@...hiva.apache.org, full-disclosure@...ts.grok.org.uk,
	bugtraq@...urityfocus.com
Subject: [SECURITY] CVE-2011-0533: Apache Archiva cross-site scripting vulnerability

CVE-2011-0533: Apache Archiva cross-site scripting vulnerability

Severity: Important

Vendor:
The Apache Software Foundation

Versions Affected:
Archiva 1.3.0 - 1.3.3
The unsupported versions Archiva 1.0 - 1.2.2 are also affected.

Description:
A request that included a specially crafted request parameter could be
used to inject arbitrary HTML or Javascript into the Archiva user
management page.

Mitigation:
Archiva 1.3.3 and earlier users should upgrade to 1.3.4

References:
http://archiva.apache.org/security.html

--
Brett Porter
brett@...che.org
http://brettporter.wordpress.com/
http://au.linkedin.com/in/brettporter

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ