CVE-2016-2171
N/A
N/A
Summary
The User Manager service in Apache Jetspeed before 2.3.1 does not properly restrict access using Jetspeed Security, which allows remote attackers to (1) add, (2) edit, or (3) delete users via the REST API.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://portals.apache.org/jetspeed-2/security-reports.html#CVE-2016-2171
- http://mail-archives.apache.org/mod_mbox/portals-jetspeed-user/201603.mbox/%3CB9165E38-F3D8-496D-8642-8A53FCAC736A%40gmail.com%3E
- http://haxx.ml/post/140552592371/remote-code-execution-in-apache-jetspeed-230-and
References
- https://portals.apache.org/jetspeed-2/security-reports.html#CVE-2016-2171
- http://mail-archives.apache.org/mod_mbox/portals-jetspeed-user/201603.mbox/%3CB9165E38-F3D8-496D-8642-8A53FCAC736A%40gmail.com%3E
- http://haxx.ml/post/140552592371/remote-code-execution-in-apache-jetspeed-230-and
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.