Cross-site request forgery (CSRF) vulnerability in the CSRF content-type check in Jackrabbit-Webdav in Apache Jackrabbit 2.4.x prior to 2.4.6, 2.6.x prior to 2.6.6, 2.8.x prior to 2.8.3, 2.10.x prior to 2.10.4, 2.12.x prior to 2.12.4, and 2.13.x prior to 2.13.3 allows remote malicious users to hijack the authentication of unspecified victims for requests that create a resource via an HTTP POST request with a (1) missing or (2) crafted Content-Type header.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache jackrabbit 2.13.0 |
||
apache jackrabbit 2.12.2 |
||
apache jackrabbit 2.10.1 |
||
apache jackrabbit 2.8.2 |
||
apache jackrabbit 2.6.4 |
||
apache jackrabbit 2.6.1 |
||
apache jackrabbit 2.13.2 |
||
apache jackrabbit 2.4.5 |
||
apache jackrabbit 2.4.4 |
||
apache jackrabbit 2.4.3 |
||
apache jackrabbit 2.4.2 |
||
apache jackrabbit 2.12.1 |
||
apache jackrabbit 2.12.0 |
||
apache jackrabbit 2.10.3 |
||
apache jackrabbit 2.10.2 |
||
apache jackrabbit 2.6.0 |
||
apache jackrabbit 2.4.1 |
||
apache jackrabbit 2.8.0 |
||
apache jackrabbit 2.4.0 |
||
apache jackrabbit 2.13.1 |
||
apache jackrabbit 2.12.3 |
||
apache jackrabbit 2.10.0 |
||
apache jackrabbit 2.8.1 |
||
apache jackrabbit 2.6.5 |
||
apache jackrabbit 2.6.3 |
||
apache jackrabbit 2.6.2 |
||
debian debian linux 8.0 |