
jackrabbit: cross-site request forgery

Package(s): jackrabbit
CVE #(s): CVE-2016-6801
Created: September 19, 2016
Updated: September 27, 2016
Description: From the Debian LTS advisory:

Lukas Reschke discovered that Apache Jackrabbit, a content repository implementation for Java, was vulnerable to Cross-Site-Request-Forgery in Jackrabbit's webdav module.

The CSRF content-type check for POST requests did not handle missing Content-Type header fields, nor variations in field values with respect to upper/lower case or optional parameters. This could be exploited to create a resource via CSRF.
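The failure mode described above, as an added example. It is not Apache Jackrabbit's code or the advisory's. It contrasts a content-type check that compares the raw header value with one that normalizes it first. All function names are hypothetical, and the list of form-submittable media types is an assumption about what such a check would block.

```python
# Added illustration; not Apache Jackrabbit's code. Names are hypothetical.

# Assumption: media types an HTML form can submit cross-site.
FORM_TYPES = {
    "application/x-www-form-urlencoded",
    "multipart/form-data",
    "text/plain",
}


def naive_is_rejected(content_type):
    """Flawed check: exact, case-sensitive match on the raw header value."""
    return content_type in FORM_TYPES


def media_type(content_type):
    """Return the lowercase type/subtype with parameters removed, or None."""
    if content_type is None:
        return None
    essence = content_type.split(";", 1)[0].strip().lower()
    return essence or None


def hardened_is_rejected(content_type):
    """Reject a POST whose media type is absent or form-submittable."""
    essence = media_type(content_type)
    return essence is None or essence in FORM_TYPES


# Constructed sample header values (None models a missing header).
SAMPLES = [
    "text/plain",
    None,
    "TEXT/PLAIN",
    "text/plain; charset=UTF-8",
    "multipart/form-data; boundary=x",
    "application/xml",
]


def compare(samples=SAMPLES):
    """Return (value, naive_rejects, hardened_rejects) for each sample."""
    return [(s, naive_is_rejected(s), hardened_is_rejected(s)) for s in samples]


if __name__ == "__main__":
    for value, naive, hardened in compare():
        print(f"{value!r:40} naive={naive!s:5} hardened={hardened}")
```

Only the first sample is rejected by the raw comparison. The normalized check rejects every sample except `application/xml`.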

Alerts:
Debian DSA-3679-1 jackrabbit 2016-09-27
Debian-LTS DLA-629-1 jackrabbit 2016-09-18



Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds