CVE-2016-8737
N/A
N/A
Summary
In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site request forgery (CSRF), which could permit a malicious web site to produce a link which, if clicked whilst a user is logged in to Brooklyn, would cause the server to execute the attacker's commands as the user. There is known to be a proof-of-concept exploit using this vulnerability.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Apache Software Foundation | Apache Brooklyn | 0.9.0 and all prior versions | affected |
Weaknesses
- Cross-site request forgery (CSRF)
ADP Enrichment
CVE Program Container
Additional References
- https://brooklyn.apache.org/community/security/CVE-2016-8737.html
- http://www.securityfocus.com/bid/96228
- https://lists.apache.org/thread.html/877813aaaa0e636adbc36106b89a54e0e6918f0884e9c8b67d5d5953%40%3Cdev.brooklyn.apache.org%3E
References
- https://brooklyn.apache.org/community/security/CVE-2016-8737.html
- http://www.securityfocus.com/bid/96228
- https://lists.apache.org/thread.html/877813aaaa0e636adbc36106b89a54e0e6918f0884e9c8b67d5d5953%40%3Cdev.brooklyn.apache.org%3E
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.