Summary
This host is running Apache Archiva and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow remote attackers to inject arbitrary HTML code, steal cookie-based authentication credentials, redirect users to arbitrary URLs, disclose or modify sensitive data, and conduct phishing attacks.
Impact Level: Application
Solution
Upgrade to Apache Archiva version 1.3.5 or later.
For updates, refer to http://archiva.apache.org/
Insight
Multiple flaws are due to insufficient input validation in the input fields throughout the application. Successful exploitation could allow an attacker to compromise the application.
Affected
Apache Archiva version 1.3.4 and prior.
References
Severity
Classification
- CVE: CVE-2011-1026, CVE-2011-1077
- CVSS Base Score: 6.8
- CVSS Base Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
- Apache Tomcat source.jsp malformed request information disclosure
- Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
- Adiscon LogAnalyzer 'highlight' Parameter Cross Site Scripting Vulnerability
- Apache Struts2/XWork Remote Command Execution Vulnerability