[<prev] [next>] [day] [month] [year] [list]
Message-Id: <F9C5C032-80D0-42BA-83A1-AB3D61C2BBF9@apache.org>
Date: Wed, 16 Feb 2011 23:30:45 +1100
From: Brett Porter <brett@...che.org>
To: users@...hiva.apache.org
Cc: announce@...che.org,
Apache Security Response Team <security@...che.org>,
dev@...hiva.apache.org, full-disclosure@...ts.grok.org.uk,
bugtraq@...urityfocus.com
Subject: [SECURITY] CVE-2011-0533: Apache Archiva cross-site scripting vulnerability
CVE-2011-0533: Apache Archiva cross-site scripting vulnerability
Severity: Important
Vendor:
The Apache Software Foundation
Versions Affected:
Archiva 1.3.0 - 1.3.3
The unsupported versions Archiva 1.0 - 1.2.2 are also affected.
Description:
A request that included a specially crafted request parameter could be
used to inject arbitrary HTML or Javascript into the Archiva user
management page.
Mitigation:
Archiva 1.3.3 and earlier users should upgrade to 1.3.4
References:
http://archiva.apache.org/security.html
--
Brett Porter
brett@...che.org
http://brettporter.wordpress.com/
http://au.linkedin.com/in/brettporter
Powered by blists - more mailing lists