Back to list
*Note: Email address will appear as "user domain ext" to prevent harvesting.
CVE-2012-2380: Apache Roller Cross-Site-Resource-Forgery (XSRF) vulnerability
Jun 24 2012 05:03PM
Dave (snoopdave gmail com)
Vendor: The Apache Software Foundation
Roller 4.0.0 to Roller 4.0.1
The unsupported Roller 3.1 release is also affected
HTTP POST interfaces in the Roller admin/editor console were not
protected from CSRF attacks. This issue has been ...
[ more ]
Copyright 2010, SecurityFocus