FKIE_CVE-2010-3449

Vulnerability from fkie_nvd - Published: 2010-12-06 20:13 - Updated: 2025-04-11 00:51
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1; and Apache Continuum 1.3.6, 1.4.0, and 1.1 through 1.2.3.1; allows remote attackers to hijack the authentication of administrators for requests that modify credentials.
References
secalert@redhat.comhttp://archiva.apache.org/security.html
secalert@redhat.comhttp://continuum.apache.org/security.html
secalert@redhat.comhttp://jira.codehaus.org/browse/MRM-1438
secalert@redhat.comhttp://mail-archives.apache.org/mod_mbox/archiva-users/201011.mbox/ajax/%3CAANLkTimXejHAuXdoUKLN=GkNty1_XnRCbv0YA0T2cS_2%40mail.gmail.com%3E
secalert@redhat.comhttp://mail-archives.apache.org/mod_mbox/continuum-users/201102.mbox/%3C032C189E-D821-4833-A8F2-F72365147695%40apache.org%3E
secalert@redhat.comhttp://seclists.org/fulldisclosure/2011/Feb/238
secalert@redhat.comhttp://secunia.com/advisories/42376Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/43261
secalert@redhat.comhttp://svn.apache.org/viewvc/archiva/branches/archiva-1.3.x/archiva-modules/archiva-web/archiva-webapp/src/main/resources/struts.xml?r1=1038518&r2=1038517&pathrev=1038518Patch
secalert@redhat.comhttp://svn.apache.org/viewvc/archiva/branches/archiva-1.3.x/pom.xml?r1=1038518&r2=1038517&pathrev=1038518Patch
secalert@redhat.comhttp://svn.apache.org/viewvc?view=revision&revision=1038518
secalert@redhat.comhttp://svn.apache.org/viewvc?view=revision&revision=1066010
secalert@redhat.comhttp://www.osvdb.org/69520
secalert@redhat.comhttp://www.securityfocus.com/archive/1/514937/100/0/threaded
secalert@redhat.comhttp://www.securityfocus.com/archive/1/516341/100/0/threaded
secalert@redhat.comhttp://www.securityfocus.com/bid/45095
secalert@redhat.comhttp://www.securitytracker.com/id?1025066
secalert@redhat.comhttp://www.vupen.com/english/advisories/2010/3098Vendor Advisory
secalert@redhat.comhttp://www.vupen.com/english/advisories/2011/0373
af854a3a-2127-422b-91ae-364da2661108http://archiva.apache.org/security.html
af854a3a-2127-422b-91ae-364da2661108http://continuum.apache.org/security.html
af854a3a-2127-422b-91ae-364da2661108http://jira.codehaus.org/browse/MRM-1438
af854a3a-2127-422b-91ae-364da2661108http://mail-archives.apache.org/mod_mbox/archiva-users/201011.mbox/ajax/%3CAANLkTimXejHAuXdoUKLN=GkNty1_XnRCbv0YA0T2cS_2%40mail.gmail.com%3E
af854a3a-2127-422b-91ae-364da2661108http://mail-archives.apache.org/mod_mbox/continuum-users/201102.mbox/%3C032C189E-D821-4833-A8F2-F72365147695%40apache.org%3E
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2011/Feb/238
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/42376Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/43261
af854a3a-2127-422b-91ae-364da2661108http://svn.apache.org/viewvc/archiva/branches/archiva-1.3.x/archiva-modules/archiva-web/archiva-webapp/src/main/resources/struts.xml?r1=1038518&r2=1038517&pathrev=1038518Patch
af854a3a-2127-422b-91ae-364da2661108http://svn.apache.org/viewvc/archiva/branches/archiva-1.3.x/pom.xml?r1=1038518&r2=1038517&pathrev=1038518Patch
af854a3a-2127-422b-91ae-364da2661108http://svn.apache.org/viewvc?view=revision&revision=1038518
af854a3a-2127-422b-91ae-364da2661108http://svn.apache.org/viewvc?view=revision&revision=1066010
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/69520
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/514937/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/516341/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/45095
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1025066
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/3098Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2011/0373
Impacted products
Vendor Product Version
jesse_mcconnell redback *
jesse_mcconnell redback 1.0
jesse_mcconnell redback 1.0
jesse_mcconnell redback 1.0.1
jesse_mcconnell redback 1.0.2
jesse_mcconnell redback 1.0.3
jesse_mcconnell redback 1.1
jesse_mcconnell redback 1.1.1
jesse_mcconnell redback 1.1.2
jesse_mcconnell redback 1.2
jesse_mcconnell redback 1.2
jesse_mcconnell redback 1.2
jesse_mcconnell redback 1.2.1
jesse_mcconnell redback 1.2.2
apache archiva 1.0
apache archiva 1.0.1
apache archiva 1.0.2
apache archiva 1.0.3
apache archiva 1.1
apache archiva 1.1.1
apache archiva 1.1.2
apache archiva 1.1.3
apache archiva 1.1.4
apache archiva 1.2
apache archiva 1.2.1
apache archiva 1.2.2
apache archiva 1.3
apache archiva 1.3.1
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:jesse_mcconnell:redback:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "39FE6A7B-7617-4482-B4B7-4069211BA2AA",
              "versionEndIncluding": "1.2.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jesse_mcconnell:redback:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1559A056-EBEA-44CE-BCE2-CC12EC5C0BF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jesse_mcconnell:redback:1.0:alpha4:*:*:*:*:*:*",
              "matchCriteriaId": "BD05018C-8159-4A78-AC7A-632B79E12E3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jesse_mcconnell:redback:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "42B97EE6-941F-477B-85CB-2DF3157E0748",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jesse_mcconnell:redback:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD23AC38-1D44-41E7-BFB0-E3F1629DC137",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jesse_mcconnell:redback:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A19DB66-6636-460D-A081-F8CAB2882BE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jesse_mcconnell:redback:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBF7A373-CF78-438C-A7DC-3C363AD18A9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jesse_mcconnell:redback:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "35C190A2-A099-44E1-85B7-E7BA47B29890",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jesse_mcconnell:redback:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "23C7C861-1CCF-49C1-B1B5-5B9058C3EE52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jesse_mcconnell:redback:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4AE301F-877B-41DE-AFC7-ED649340AE4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jesse_mcconnell:redback:1.2:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "3E177652-1316-4F37-837D-912B4C43108F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jesse_mcconnell:redback:1.2:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "6B8612CC-1978-4D42-9995-47A96BDEB502",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jesse_mcconnell:redback:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A949E134-1A33-4293-AB3E-1917CC9BCDCD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jesse_mcconnell:redback:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9223BE71-E90C-4561-BEFC-81C37624FC13",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:archiva:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFD6FB90-E505-48D6-B9D1-3E8DD3A47234",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:archiva:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "21DF9796-959A-4566-8AEF-16ABD8E36444",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:archiva:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "08C7B72C-957A-44FA-BABA-03A7E4CEF36A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:archiva:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CFEDC8F-0FE0-4E69-8F6F-BD49AB46D8CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:archiva:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FF7D312-B1C1-400B-AF0C-7375B1B3F0E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:archiva:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "31357E13-6571-4FE9-A5E0-2CACE0423C2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:archiva:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED2E53F7-845B-4077-9AC9-EAAE60ADC75A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:archiva:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF420D40-A4BE-4B74-9457-01E1FFF9D9A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:archiva:1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1389E21-2451-45FF-97C3-87B58A496E64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:archiva:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC7E1832-3889-477D-9DA4-869B6867EBC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:archiva:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F945FF3A-483C-4CD5-A413-0C354C15A99F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:archiva:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCCF9A1C-7091-4D72-8AFC-5373F45FF7D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:archiva:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D1D107D-C022-43B4-BA64-0D39F31EE226",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:archiva:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F26131F0-693E-4245-9DC1-645B0EACD0D8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1; and Apache Continuum 1.3.6, 1.4.0, and 1.1 through 1.2.3.1; allows remote attackers to hijack the authentication of administrators for requests that modify credentials."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de tipo cross-site request forgery (CSRF) en Redback anterior a versi\u00f3n 1.2.4, tal y como es usado en Apache Archiva versiones 1.0 hasta 1.0.3, versiones 1.1 hasta 1.1.4, versiones 1.2 hasta 1.2.2, y versiones 1.3 hasta 1.3.1; y Apache Continuum versiones 1.3.6, 1.4.0 y versiones 1.1 hasta 1.2.3.1; permite a los atacantes remotos secuestrar la autenticaci\u00f3n de administradores para peticiones que modifican las credenciales."
    }
  ],
  "id": "CVE-2010-3449",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2010-12-06T20:13:00.357",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://archiva.apache.org/security.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://continuum.apache.org/security.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://jira.codehaus.org/browse/MRM-1438"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://mail-archives.apache.org/mod_mbox/archiva-users/201011.mbox/ajax/%3CAANLkTimXejHAuXdoUKLN=GkNty1_XnRCbv0YA0T2cS_2%40mail.gmail.com%3E"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://mail-archives.apache.org/mod_mbox/continuum-users/201102.mbox/%3C032C189E-D821-4833-A8F2-F72365147695%40apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://seclists.org/fulldisclosure/2011/Feb/238"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/42376"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/43261"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://svn.apache.org/viewvc/archiva/branches/archiva-1.3.x/archiva-modules/archiva-web/archiva-webapp/src/main/resources/struts.xml?r1=1038518\u0026r2=1038517\u0026pathrev=1038518"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://svn.apache.org/viewvc/archiva/branches/archiva-1.3.x/pom.xml?r1=1038518\u0026r2=1038517\u0026pathrev=1038518"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1038518"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1066010"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.osvdb.org/69520"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/514937/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/516341/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/45095"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id?1025066"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/3098"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2011/0373"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archiva.apache.org/security.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://continuum.apache.org/security.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://jira.codehaus.org/browse/MRM-1438"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://mail-archives.apache.org/mod_mbox/archiva-users/201011.mbox/ajax/%3CAANLkTimXejHAuXdoUKLN=GkNty1_XnRCbv0YA0T2cS_2%40mail.gmail.com%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://mail-archives.apache.org/mod_mbox/continuum-users/201102.mbox/%3C032C189E-D821-4833-A8F2-F72365147695%40apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2011/Feb/238"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/42376"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/43261"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://svn.apache.org/viewvc/archiva/branches/archiva-1.3.x/archiva-modules/archiva-web/archiva-webapp/src/main/resources/struts.xml?r1=1038518\u0026r2=1038517\u0026pathrev=1038518"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://svn.apache.org/viewvc/archiva/branches/archiva-1.3.x/pom.xml?r1=1038518\u0026r2=1038517\u0026pathrev=1038518"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1038518"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1066010"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/69520"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/514937/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/516341/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/45095"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1025066"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/3098"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2011/0373"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.