What is the severity of CVE-2012-2380?

CVE-2012-2380 is considered a moderate severity vulnerability due to its potential impact on authentication hijacking for admins or editors.

How do I fix CVE-2012-2380?

To fix CVE-2012-2380, upgrade Apache Roller to version 5.0.1 or later.

Who is affected by CVE-2012-2380?

CVE-2012-2380 affects versions of Apache Roller prior to 5.0.1, including multiple earlier versions.

What kind of attacks can CVE-2012-2380 enable?

CVE-2012-2380 allows remote attackers to perform cross-site request forgery (CSRF) attacks leading to potential authentication hijacking.

Is there a workaround for CVE-2012-2380 before applying a patch?

A suitable workaround for CVE-2012-2380 involves implementing CSRF protections at the application layer to mitigate attack vectors until a patch is applied.

Vulnerability/
CVE-2012-2380

medium

6.8

CWE

352

26/6/2012

16/9/2024

CVE-2012-2380: CSRF

First published: Tue Jun 26 2012(Updated: )

Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
Apache Roller	<=5.0
Apache Roller	=0.9.5
Apache Roller	=0.9.6
Apache Roller	=0.9.6.3
Apache Roller	=0.9.6.4
Apache Roller	=0.9.7
Apache Roller	=0.9.7.1
Apache Roller	=0.9.7.2
Apache Roller	=0.9.8
Apache Roller	=0.9.8.1
Apache Roller	=0.9.8.2
Apache Roller	=0.9.9
Apache Roller	=1.0
Apache Roller	=1.0-rc1
Apache Roller	=1.0-rc2
Apache Roller	=1.0.1
Apache Roller	=1.1
Apache Roller	=1.1.1
Apache Roller	=1.1.2
Apache Roller	=1.2
Apache Roller	=1.3
Apache Roller	=2.0
Apache Roller	=2.0.1
Apache Roller	=2.0.2
Apache Roller	=2.1
Apache Roller	=2.1.1
Apache Roller	=2.3
Apache Roller	=3.0
Apache Roller	=3.1
Apache Roller	=4.0
Apache Roller	=4.0.1

Never miss a vulnerability like this again

Reference Links

http://archives.neohapsis.com/archives/fulldisclosure/2012-06/0376.html

Frequently Asked Questions

What is the severity of CVE-2012-2380?
CVE-2012-2380 is considered a moderate severity vulnerability due to its potential impact on authentication hijacking for admins or editors.
How do I fix CVE-2012-2380?
To fix CVE-2012-2380, upgrade Apache Roller to version 5.0.1 or later.
Who is affected by CVE-2012-2380?
CVE-2012-2380 affects versions of Apache Roller prior to 5.0.1, including multiple earlier versions.
What kind of attacks can CVE-2012-2380 enable?
CVE-2012-2380 allows remote attackers to perform cross-site request forgery (CSRF) attacks leading to potential authentication hijacking.
Is there a workaround for CVE-2012-2380 before applying a patch?
A suitable workaround for CVE-2012-2380 involves implementing CSRF protections at the application layer to mitigate attack vectors until a patch is applied.

collector/nvd-index
agent/type
agent/softwarecombine
agent/weakness
agent/severity
agent/references
agent/author
agent/tags
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/event
agent/source
vendor/apache
canonical/apache roller
version/apache roller/5.0
version/apache roller/0.9.5
version/apache roller/0.9.6
version/apache roller/0.9.6.3
version/apache roller/0.9.6.4
version/apache roller/0.9.7
version/apache roller/0.9.7.1
version/apache roller/0.9.7.2
version/apache roller/0.9.8
version/apache roller/0.9.8.1
version/apache roller/0.9.8.2
version/apache roller/0.9.9
version/apache roller/1.0
version/apache roller/1.0-rc1
version/apache roller/1.0-rc2
version/apache roller/1.0.1
version/apache roller/1.1
version/apache roller/1.1.1
version/apache roller/1.1.2
version/apache roller/1.2
version/apache roller/1.3
version/apache roller/2.0
version/apache roller/2.0.1
version/apache roller/2.0.2
version/apache roller/2.1
version/apache roller/2.1.1
version/apache roller/2.3
version/apache roller/3.0
version/apache roller/3.1
version/apache roller/4.0
version/apache roller/4.0.1