CVE-2016-8737
published 2017-09-13CVE-2016-8737: In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site request forgery (CSRF), which could permit a malicious web site to produce a link…
high8.8CVSS 3.0
AVNACLPRNUIRSUCHIHAH
In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site request forgery (CSRF), which could permit a malicious web site to produce a link which, if clicked whilst a user is logged in to Brooklyn, would cause the server to execute the attacker's commands as the user. There is known to be a proof-of-concept exploit using this vulnerability.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | brooklyn | <= 0.9.0 | — |
| apache_software_foundation | apache_brooklyn | — | — |