Apache Archiva Home Page Cross-Site Scripting Vulnerability Network Vulnerability

Summary

This host is installed with Apache Archiva and is prone to cross-site scripting vulnerability.

Impact

Successful exploitation will allow remote attackers to execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. Impact Level: Application

Solution

Upgrade to Apache Archiva 1.3.8, 2.0.1 or later, For updates refer to http://archiva.apache.org/index.cgi

Insight

The flaw exists because the home page does not validate input before returning it to users.

Affected

Apache Archiva 1.2 through 1.2.2 and 1.3 before 1.3.8

Detection

Get the installed version with the help of detect NVT and check the version is vulnerable or not.

References

http://archiva.apache.org/security.html
http://seclists.org/bugtraq/2014/Apr/121
http://www.osvdb.org/106094

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-2187
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

11in1 Cross Site Request Forgery and Local File Include Vulnerabilities
Adobe ColdFusion Multiple Path Disclosure Vulnerabilities
/cgi-bin directory browsable ?
Andy's PHP Knowledgebase Multiple Cross-Site Scripting Vulnerabilities
Admidio get_file.php Remote File Disclosure Vulnerability

Apache Archiva Home Page Cross-Site Scripting vulnerability

Take action and discover your vulnerabilities