[SECURITY] CVE-2010-3449: Apache Continuum CSRF vulnerability
CVE-2010-3449: Apache Continuum CSRF vulnerability
The Apache Software Foundation
Continuum 1.4.0 (Beta)
The unsupported versions Continuum 1.1 - 126.96.36.199 are also affected.
Administrators are able to change any user's password, but the
source of the request is not verified, making the behaviour
susceptible to CSRF.
Continuum 1.3.6 and earlier users should upgrade to 1.3.7
Continuum 1.4.0 (Beta) users should apply the following patch:
This issue was discovered by Anatolia Security Research Group
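
The flaw described in this advisory, modelled as an added example (not Continuum's code and not the patch the advisory refers to): a password-change handler that checks only the administrator's session, beside one that also requires a per-session token. The `Session` class, the handler names and the sample user store are hypothetical and constructed for illustration.

```python
import hmac
import secrets

class Session:
    """Constructed stand-in for the server-side session of a logged-in user."""
    def __init__(self, user, is_admin):
        self.user = user
        self.is_admin = is_admin
        # Token issued with the application's own form and kept server-side.
        self.csrf_token = secrets.token_urlsafe(32)

# Constructed sample user store (plaintext only to keep the example short).
PASSWORDS = {"alice": "old-password"}

def change_password_unverified(session, form, store):
    """Mirrors the described flaw: the session is checked, the request source is not."""
    if not session.is_admin:
        return 403
    store[form["username"]] = form["new_password"]
    return 200

def change_password_verified(session, form, store):
    """Same action, but the request must carry the token bound to this session."""
    if not session.is_admin:
        return 403
    supplied = form.get("csrf_token", "")
    if not hmac.compare_digest(supplied.encode(), session.csrf_token.encode()):
        return 403  # a form submitted from another site does not know the token
    store[form["username"]] = form["new_password"]
    return 200

def demo():
    admin = Session("admin", is_admin=True)
    # Request arriving from another site: the session cookie is sent, no token.
    cross_site = {"username": "alice", "new_password": "x"}
    # Request from the application's own form, which embeds the token.
    same_site = dict(cross_site, new_password="new-password",
                     csrf_token=admin.csrf_token)
    store_a, store_b = dict(PASSWORDS), dict(PASSWORDS)
    return {
        "unverified_cross_site": change_password_unverified(admin, cross_site, store_a),
        "verified_cross_site": change_password_verified(admin, cross_site, store_b),
        "password_unchanged": store_b["alice"] == "old-password",
        "verified_same_site": change_password_verified(admin, same_site, store_b),
    }
```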