Home page logo
  • Nmap Security Scanner
  • Security Lists
  • Security Tools
  • Site News
  • Advertising
  • About/Contact
  • Sponsors:



/

fulldisclosure logo Full Disclosure mailing list archives

[SECURITY] CVE-2011-0533: Apache Archiva cross-site scripting vulnerability
From: Brett Porter <brett () apache org>
Date: Wed, 16 Feb 2011 23:30:45 +1100
CVE-2011-0533: Apache Archiva cross-site scripting vulnerability

Severity: Important

Vendor:
The Apache Software Foundation

Versions Affected:
Archiva 1.3.0 - 1.3.3
The unsupported versions Archiva 1.0 - 1.2.2 are also affected.

Description:
A request that included a specially crafted request parameter could be
used to inject arbitrary HTML or Javascript into the Archiva user
management page.

Mitigation:
Archiva 1.3.3 and earlier users should upgrade to 1.3.4

References:
http://archiva.apache.org/security.html

--
Brett Porter
brett () apache org
http://brettporter.wordpress.com/
http://au.linkedin.com/in/brettporter




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
  • [SECURITY] CVE-2011-0533: Apache Archiva cross-site scripting vulnerability Brett Porter (Feb 16)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]