[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] [SECURITY] CVE-2011-0533: Apache Archiva cross-site scripting vulnerability

To: users@xxxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] [SECURITY] CVE-2011-0533: Apache Archiva cross-site scripting vulnerability
From: Brett Porter <brett@xxxxxxxxxx>
Date: Wed, 16 Feb 2011 23:30:45 +1100

CVE-2011-0533: Apache Archiva cross-site scripting vulnerability

Severity: Important

Vendor:
The Apache Software Foundation

Versions Affected:
Archiva 1.3.0 - 1.3.3
The unsupported versions Archiva 1.0 - 1.2.2 are also affected.

Description:
A request that included a specially crafted request parameter could be
used to inject arbitrary HTML or Javascript into the Archiva user
management page.

Mitigation:
Archiva 1.3.3 and earlier users should upgrade to 1.3.4

References:
http://archiva.apache.org/security.html

--
Brett Porter
brett@xxxxxxxxxx
http://brettporter.wordpress.com/
http://au.linkedin.com/in/brettporter




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] [SECURITY] [DSA 2164-1] shadow security update
Next by Date: [Full-disclosure] [SECURITY] [DSA 2165-1] ffmpeg-debian security update
Previous by thread: [Full-disclosure] [SECURITY] [DSA 2164-1] shadow security update
Next by thread: [Full-disclosure] [SECURITY] [DSA 2165-1] ffmpeg-debian security update
Index(es):
- Date
- Thread