Apache Archiva Multiple Vulnerabilities Network Vulnerability

Summary

This host is running Apache Archiva and is prone to multiple vulnerabilities.

Impact

Successful exploitation will allow remote attackers to inject arbitrary HTML codes, theft of cookie-based authentication credentials, arbitrary URL redirection, disclosure or modification of sensitive data and phishing attacks. Impact Level: Application

Solution

Upgrade to Apache Archiva Version 1.3.5 or later For updates refer to http://archiva.apache.org/

Insight

Multiple flaws are due to insufficient input validation in the input fields throughout the application. Successful exploitation could allow an attacker to compromise the application.

Affected

Apache Archiva version 1.3.4 and prior.

References

http://archiva.apache.org/security.html
http://packetstormsecurity.org/files/view/101797/apachearchivapoc-xss.txt

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-1026, CVE-2011-1077
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
Apache Tomcat source.jsp malformed request information disclosure
Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
Adiscon LogAnalyzer 'highlight' Parameter Cross Site Scripting Vulnerability
Apache Struts2/XWork Remote Command Execution Vulnerability

Take action and discover your vulnerabilities