CVE-2011-1026

MEDIUM

6.8

CVSS Severity Score

EPSS Score0.1690%

EPSS Percentile5.66th

PublishedJun 2, 2011

Last ModifiedApr 29, 2026

Vulnerability Description

Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.

Affected Platforms (CPE)

📦

Apache

Archiva

= 1.0

📦

Apache

Archiva

= 1.0.1

📦

Apache

Archiva

= 1.0.2

📦

Apache

Archiva

= 1.0.3

📦

Apache

Archiva

= 1.1

📦

Apache

Archiva

= 1.1.1

📦

Apache

Archiva

= 1.1.2

📦

Apache

Archiva

= 1.1.3

📦

Apache

Archiva

= 1.1.4

📦

Apache

Archiva

= 1.2

📦

Apache

Archiva

= 1.2-m1

📦

Apache

Archiva

= 1.2.1

📦

Apache

Archiva

= 1.2.2

📦

Apache

Archiva

= 1.3

📦

Apache

Archiva

= 1.3.1

📦

Apache

Archiva

= 1.3.2

📦

Apache

Archiva

= 1.3.3

📦

Apache

Archiva

= 1.3.4

References & Advisories

🔗 http://archiva.apache.org/docs/1.3.5/release-notes.html

🔗 http://archiva.apache.org/security.html

🔗 http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0532.html

🔗 http://secunia.com/advisories/44693

🔗 http://securityreason.com/securityalert/8266

🔗 http://www.securityfocus.com/archive/1/518168/100/0/threaded

🔗 http://www.securityfocus.com/bid/48015

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/67671

Vulnerability Description

Affected Platforms (CPE)

Archiva

Archiva

Archiva

Archiva

Archiva

Archiva

Archiva

Archiva

Archiva

Archiva

Archiva

Archiva

Archiva

Archiva

Archiva

Archiva

Archiva

Archiva

References & Advisories

Related Vulnerabilities