CVE-2016-8737

Name of the Vulnerable Software and Affected Versions Apache Brooklyn versions prior to 0.10.0

Description The issue allows a malicious web site to produce a link that, if clicked while a user is logged in, could cause the server to execute the attacker's commands as the user. This is due to the REST server being vulnerable to cross-site request forgery (CSRF). A proof-of-concept exploit using this issue is known to exist.

Recommendations For versions prior to 0.10.0, update to version 0.10.0 or later to resolve the issue. As a temporary workaround, consider implementing CSRF protection mechanisms, such as token-based validation, to minimize the risk of exploitation. Restrict access to sensitive operations within the REST server to minimize potential damage until the update can be applied.