CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2011-1026

MEDIUM
6.8
CVSS Severity Score
EPSS Score0.1690%
EPSS Percentile5.66th
Published2011年6月2日
Last Modified2026年4月29日

Vulnerability Description

Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.

Affected Platforms (CPE)

📦
Apache

Archiva

= 1.0
📦
Apache

Archiva

= 1.0.1
📦
Apache

Archiva

= 1.0.2
📦
Apache

Archiva

= 1.0.3
📦
Apache

Archiva

= 1.1
📦
Apache

Archiva

= 1.1.1
📦
Apache

Archiva

= 1.1.2
📦
Apache

Archiva

= 1.1.3
📦
Apache

Archiva

= 1.1.4
📦
Apache

Archiva

= 1.2
📦
Apache

Archiva

= 1.2-m1
📦
Apache

Archiva

= 1.2.1
📦
Apache

Archiva

= 1.2.2
📦
Apache

Archiva

= 1.3
📦
Apache

Archiva

= 1.3.1
📦
Apache

Archiva

= 1.3.2
📦
Apache

Archiva

= 1.3.3
📦
Apache

Archiva

= 1.3.4

References & Advisories

🔗 http://archiva.apache.org/docs/1.3.5/release-notes.html
🔗 http://archiva.apache.org/security.html
🔗 http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0532.html
🔗 http://secunia.com/advisories/44693
🔗 http://securityreason.com/securityalert/8266
🔗 http://www.securityfocus.com/archive/1/518168/100/0/threaded
🔗 http://www.securityfocus.com/bid/48015
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/67671

相關漏洞威脅

CVE-2016-50039.8

The Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to execute arbitrary code via...

CVE-2016-44698.8

Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.3.9 and earlier allow remote attackers to hijack th...

CVE-2017-56578.0

Several REST service endpoints of Apache Archiva are not protected against Cross Site Request Forgery (CSRF) attacks. A malicious ...

CVE-2016-50027.8

XML external entity (XXE) vulnerability in the Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows rem...