6.8

CVE-2012-2380

Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.

Data is provided by the National Vulnerability Database (NVD)
ApacheRoller Version <= 5.0
ApacheRoller Version0.9.5
ApacheRoller Version0.9.6
ApacheRoller Version0.9.6.3
ApacheRoller Version0.9.6.4
ApacheRoller Version0.9.7
ApacheRoller Version0.9.7.1
ApacheRoller Version0.9.7.2
ApacheRoller Version0.9.8
ApacheRoller Version0.9.8.1
ApacheRoller Version0.9.8.2
ApacheRoller Version0.9.9
ApacheRoller Version1.0
ApacheRoller Version1.0 Updaterc1
ApacheRoller Version1.0 Updaterc2
ApacheRoller Version1.0.1
ApacheRoller Version1.1
ApacheRoller Version1.1.1
ApacheRoller Version1.1.2
ApacheRoller Version1.2
ApacheRoller Version1.3
ApacheRoller Version2.0
ApacheRoller Version2.0.1
ApacheRoller Version2.0.2
ApacheRoller Version2.1
ApacheRoller Version2.1.1
ApacheRoller Version2.3
ApacheRoller Version3.0
ApacheRoller Version3.1
ApacheRoller Version4.0
ApacheRoller Version4.0.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.18% 0.367
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.