[<prev] [next>] [day] [month] [year] [list]
Message-ID: <AANLkTimXejHAuXdoUKLN=GkNty1_XnRCbv0YA0T2cS_2@mail.gmail.com>
Date: Tue, 30 Nov 2010 07:13:32 +0800
From: Deng Ching <oching@...che.org>
To: users@...hiva.apache.org, dev@...hiva.apache.org,
Maven Users List <users@...en.apache.org>, security <security@...che.org>,
full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com,
Advisory <advisory@...toliasecurity.com>
Subject: [CVE-2010-3449] Apache Archiva CSRF Vulnerability
CVE-2010-3449: Apache Archiva CSRF Vulnerability
Severity: Important
Vendor:
The Apache Software Foundation
Versions Affected:
Archiva 1.0 to 1.0.3 (end of life)
Archiva 1.1 to 1.1.4 (end of life)
Archiva 1.2 to 1.2.2 (end of life)
Archiva 1.3 to 1.3.1
Description:
Apache Archiva doesn't check which form sends credentials. An attacker
can create a specially crafted page and force archiva administrators
to view it and change their credentials. To fix this, a referrer check
was added to the security interceptor for all secured actions. A
prompt for the administrator's password when changing a user account
was also set in place.
Mitigation:
All users should upgrade to 1.3.2 (http://archiva.apache.org/download.html)
Credit:
This issue was discovered by Anatolia Security Research Group
References:
http://archiva.apache.org/security.html
Thanks,
The Apache Archiva Team
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists