CVE-2016-6801

CWE-352 — Cross-Site Request Forgery (CSRF)6 documents5 sources

Severity

8.8HIGH

EPSS

0.4%

top 41.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Jackrabbit Debian Debian Linux

Timeline

PublishedSep 21

Latest updateMay 17

Description

Cross-site request forgery (CSRF) vulnerability in the CSRF content-type check in Jackrabbit-Webdav in Apache Jackrabbit 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.3, 2.10.x before 2.10.4, 2.12.x before 2.12.4, and 2.13.x before 2.13.3 allows remote attackers to hijack the authentication of unspecified victims for requests that create a resource via an HTTP POST request with a (1) missing or (2) crafted Content-Type header.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

▶Mavenorg.apache.jackrabbit:jackrabbit-webdav2.4.0 — 2.4.6+5

▶NVDapache/jackrabbit26 versions+25

▶Debianjackrabbit< 2.12.4-1+3

Also affects: Debian Linux 8.0

🔴Vulnerability Details

OSV

Apache Jackrabbit Authentication Hijacking Vulnerability↗2022-05-17

▶

GHSA

Apache Jackrabbit Authentication Hijacking Vulnerability↗2022-05-17

▶

OSV

CVE-2016-6801: Cross-site request forgery (CSRF) vulnerability in the CSRF content-type check in Jackrabbit-Webdav in Apache Jackrabbit 2↗2016-09-21

▶

CVEList

CVE-2016-6801: Cross-site request forgery (CSRF) vulnerability in the CSRF content-type check in Jackrabbit-Webdav in Apache Jackrabbit 2↗2016-09-21

▶

📋Vendor Advisories

Debian

CVE-2016-6801: jackrabbit - Cross-site request forgery (CSRF) vulnerability in the CSRF content-type check i...↗2016

▶