BugTraq
CVE-2012-2380: Apache Roller Cross-Site-Resource-Forgery (XSRF) vulnerability
Jun 24 2012 05:03PM
Dave (snoopdave gmail com)
Severity: important
Vendor: The Apache Software Foundation
Versions Affected:
Roller 4.0.0 to Roller 4.0.1
Roller 5.0
The unsupported Roller 3.1 release is also affected
Description:
HTTP POST interfaces in the Roller admin/editor console were not
protected from CSRF attacks. This issue has been ...
Copyright 2010, SecurityFocus