Description
A cross-site request forgery (CSRF) vulnerability in the CSRF content-type check of Jackrabbit-Webdav in Apache Jackrabbit 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.3, 2.10.x before 2.10.4, 2.12.x before 2.12.4, and 2.13.x before 2.13.3 allows remote attackers to hijack the authentication of logged-in users for resource-creating HTTP POST requests. The check is bypassed when the POST carries a Content-Type header that is (1) missing or (2) crafted so that the check does not recognise it, leaving the resource creation unprotected against a cross-site request. Note that a browser can issue both kinds of POST cross-site without a CORS preflight: a bodiless no-cors fetch sends no Content-Type header at all, and a safelisted form media type stays preflight-free when it carries parameters such as a charset, so a check that only compares the raw header string against a fixed list is not sufficient.
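To make the flaw class concrete, the following is an added illustration written for this page, not Jackrabbit's own code: a content-type-gated CSRF check in its weak form (the referrer test runs only on an exact Content-Type match) beside a hardened form (a missing header counts as form-capable and the media type is normalised before comparison). The host names app.example and evil.example, the trusted-host allowlist and the sample request headers are all constructed for the example, and the decision to fail closed when neither Referer nor Origin is present is a design choice of this example rather than something the advisory states about Jackrabbit.

```python
"""Illustrative CSRF content-type check (not Jackrabbit's code): weak vs. hardened.
Host names, allowlist and sample requests are constructed for this example."""
from urllib.parse import urlsplit

# Media types a browser may send cross-origin without a CORS preflight
# (the CORS-safelisted Content-Type values, parameters ignored).
# A CSRF check gated on Content-Type must fire for every one of these.
FORM_MEDIA_TYPES = {
    "application/x-www-form-urlencoded",
    "multipart/form-data",
    "text/plain",
}

# Hosts from which resource-creating POSTs are accepted (assumed for this example).
TRUSTED_HOSTS = {"app.example"}


def header(headers, name):
    """Case-insensitive header lookup; HTTP header names are case-insensitive."""
    wanted = name.lower()
    for key, value in headers.items():
        if key.lower() == wanted:
            return value
    return None


def media_type(content_type):
    """Drop parameters and normalise case:
    'Application/x-www-form-urlencoded; charset=UTF-8' -> 'application/x-www-form-urlencoded'."""
    return content_type.split(";", 1)[0].strip().lower()


def referrer_trusted(headers, trusted_hosts):
    """True only if Referer (falling back to Origin) names a trusted host.
    Fails closed: a request carrying neither header is rejected."""
    source = header(headers, "Referer") or header(headers, "Origin")
    if not source:
        return False
    return (urlsplit(source).hostname or "").lower() in trusted_hosts


def weak_is_valid(headers, trusted_hosts=TRUSTED_HOSTS):
    """Flawed check: the referrer test runs only when Content-Type is an exact
    match for a form type. A missing header, or one with a parameter or different
    casing, falls through to 'valid' although a browser can send it cross-site."""
    content_type = header(headers, "Content-Type")
    if content_type in FORM_MEDIA_TYPES:
        return referrer_trusted(headers, trusted_hosts)
    return True


def hardened_is_valid(headers, trusted_hosts=TRUSTED_HOSTS):
    """Fixed check: a missing Content-Type is treated as form-capable and the
    media type is normalised, so every request a browser can emit without a
    preflight is subject to the referrer test."""
    content_type = header(headers, "Content-Type")
    if content_type is None or media_type(content_type) in FORM_MEDIA_TYPES:
        return referrer_trusted(headers, trusted_hosts)
    return True


# Constructed sample POST headers (not captured traffic).
SAMPLE_REQUESTS = {
    # Genuine form submission from the application's own pages.
    "same_origin_form": {
        "Content-Type": "application/x-www-form-urlencoded",
        "Referer": "https://app.example/repository/default/",
    },
    # Plain cross-site form: both checks catch it.
    "cross_site_form": {
        "Content-Type": "application/x-www-form-urlencoded",
        "Referer": "https://evil.example/attack.html",
    },
    # fetch(url, {method: "POST", mode: "no-cors"}) with no body: no Content-Type.
    "cross_site_missing_content_type": {
        "Origin": "https://evil.example",
    },
    # Safelisted type with a charset parameter and mixed case: still preflight-free.
    "cross_site_crafted_content_type": {
        "Content-Type": "Application/x-www-form-urlencoded; charset=UTF-8",
        "Referer": "https://evil.example/attack.html",
    },
    # A browser cannot send this cross-site without a CORS preflight, so the
    # content-type gate lets it through in both versions.
    "cross_site_json": {
        "Content-Type": "application/json",
        "Origin": "https://evil.example",
    },
}


def evaluate_samples():
    """Return {name: (weak_result, hardened_result)} for every sample request."""
    return {
        name: (weak_is_valid(h), hardened_is_valid(h))
        for name, h in SAMPLE_REQUESTS.items()
    }


if __name__ == "__main__":
    for name, (weak, hardened) in evaluate_samples().items():
        flag = "  <-- bypass" if weak and not hardened else ""
        print(f"{name:34} weak={weak!s:5} hardened={hardened!s:5}{flag}")
```

Running the block prints one line per sample; the two cross-site requests with a missing or parameterised Content-Type are accepted by the weak check and rejected by the hardened one, which is the bypass the advisory describes. The JSON request passes both because a content-type gate deliberately relies on the browser's preflight for non-safelisted types; a deployment that accepts non-browser clients should not treat that as protection.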
Remediation
Upgrade Apache Jackrabbit (jackrabbit-webdav) to a fixed release for the branch in use: 2.4.6, 2.6.6, 2.8.3, 2.10.4, 2.12.4 or 2.13.3, or any later release. The fix is tracked in Apache JIRA issue JCR-4009 (see References); Debian ships it through DSA-3679. If the upgrade must wait, any compensating control placed in front of resource-creating POST requests (for example a reverse-proxy rule) must itself handle a missing Content-Type header and normalise the media type (case, parameters) before comparing it, since those are exactly the cases the original check missed.
References
http://www.debian.org/security/2016/dsa-3679
http://www.openwall.com/lists/oss-security/2016/09/14/6
http://www.securityfocus.com/bid/92966
https://issues.apache.org/jira/browse/JCR-4009
Related Vulnerabilities
CVE-2020-36183 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind
CVE-2019-16303 Vulnerability in npm package generator-jhipster-kotlin
CVE-2021-23346 Vulnerability in npm package html-parse-stringify
CVE-2021-33605 Vulnerability in maven package com.vaadin:vaadin-checkbox-flow
CVE-2017-16138 Vulnerability in maven package org.webjars:mime