CVE-2010-3449

Published: 06/12/2010 Updated: 07/11/2023

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 685

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-site request forgery (CSRF) vulnerability in Redback prior to 1.2.4, as used in Apache Archiva 1.0 up to and including 1.0.3, 1.1 up to and including 1.1.4, 1.2 up to and including 1.2.2, and 1.3 up to and including 1.3.1; and Apache Continuum 1.3.6, 1.4.0, and 1.1 up to and including 1.2.3.1; allows remote malicious users to hijack the authentication of administrators for requests that modify credentials.

Vulnerable Product	Search on Vulmon	Subscribe to Product
jesse mcconnell redback
jesse mcconnell redback 1.0
jesse mcconnell redback 1.0.1
jesse mcconnell redback 1.0.2
jesse mcconnell redback 1.0.3
jesse mcconnell redback 1.1
jesse mcconnell redback 1.1.1
jesse mcconnell redback 1.1.2
jesse mcconnell redback 1.2
jesse mcconnell redback 1.2.1
jesse mcconnell redback 1.2.2
apache archiva 1.0
apache archiva 1.0.1
apache archiva 1.0.2
apache archiva 1.0.3
apache archiva 1.1
apache archiva 1.1.1
apache archiva 1.1.2
apache archiva 1.1.3
apache archiva 1.1.4
apache archiva 1.2
apache archiva 1.2.1
apache archiva 1.2.2
apache archiva 1.3
apache archiva 1.3.1

ANATOLIA SECURITY ADVISORY -------------------------------------- ### ADVISORY INFO ### + Title: Apache Archiva Cross-site Request Forgery Vulnerability + Advisory URL: wwwanatoliasecuritycom/adv/as-adv-2010-001txt + Advisory ID: 2010-001 + Versions: Archiva 10 to 131 + Date: 29/09/2010 + CVE-ID: CVE-2010-3449 + Vendor: The Apache So ...

CWE-352 http://archiva.apache.org/security.html http://secunia.com/advisories/42376 http://www.vupen.com/english/advisories/2010/3098 http://svn.apache.org/viewvc?view=revision&revision=1038518 http://www.osvdb.org/69520 http://www.securityfocus.com/bid/45095 http://svn.apache.org/viewvc/archiva/branches/archiva-1.3.x/pom.xml?r1=1038518&r2=1038517&pathrev=1038518 http://jira.codehaus.org/browse/MRM-1438 http://svn.apache.org/viewvc/archiva/branches/archiva-1.3.x/archiva-modules/archiva-web/archiva-webapp/src/main/resources/struts.xml?r1=1038518&r2=1038517&pathrev=1038518 http://www.securitytracker.com/id?1025066 http://svn.apache.org/viewvc?view=revision&revision=1066010 http://seclists.org/fulldisclosure/2011/Feb/238 http://secunia.com/advisories/43261 http://www.vupen.com/english/advisories/2011/0373 http://continuum.apache.org/security.html http://www.securityfocus.com/archive/1/516341/100/0/threaded http://www.securityfocus.com/archive/1/514937/100/0/threaded http://mail-archives.apache.org/mod_mbox/archiva-users/201011.mbox/ajax/%3CAANLkTimXejHAuXdoUKLN=GkNty1_XnRCbv0YA0T2cS_2%40mail.gmail.com%3E http://mail-archives.apache.org/mod_mbox/continuum-users/201102.mbox/%3C032C189E-D821-4833-A8F2-F72365147695%40apache.org%3E https://nvd.nist.gov https://www.exploit-db.com/exploits/15710/

CVE-2010-3449

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect