Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-4469

CWE-352 — Cross-Site Request Forgery (CSRF)4 documents4 sources
Severity
8.8HIGH
EPSS
0.8%
top 25.98%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Apache Archiva
Timeline
PublishedJul 28
Latest updateMay 14

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.3.9 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add new repository proxy connectors via the token parameter to admin/addProxyConnector_commit.action, (2) new repositories via the token parameter to admin/addRepository_commit.action, (3) edit existing repositories via the token parameter to admin/editRepository_commit.action, (4) add legacy artifact paths via …

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

â–¶NVDapache/archiva1.3.9

🔴Vulnerability Details

2
GHSA
GHSA-hjp8-8h3r-gwg6: Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1↗2022-05-14
â–¶
CVEList
CVE-2016-4469: Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1↗2016-07-28
â–¶

💥Exploits & PoCs

1
Exploit-DB
Apache Archiva 1.3.9 - Multiple Cross-Site Request Forgery Vulnerabilities↗2016-07-13
â–¶
CVE-2016-4469 (HIGH CVSS 8.8) | Multiple cross-site request forgery | cvebase.io