CVE-2010-3449

Name of the Vulnerable Software and Affected Versions Redback versions prior to 1.2.4 Apache Archiva versions 1.0 through 1.0.3 Apache Archiva versions 1.1 through 1.1.4 Apache Archiva versions 1.2 through 1.2.2 Apache Archiva versions 1.3 through 1.3.1 Apache Continuum version 1.3.6 Apache Continuum version 1.4.0 Apache Continuum versions 1.1 through 1.2.3.1

Description A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of administrators for requests that modify credentials. This can lead to unauthorized changes to credentials.

Recommendations For Redback versions prior to 1.2.4, update to version 1.2.4 or later. For Apache Archiva versions 1.0 through 1.0.3, update to a version outside of this range. For Apache Archiva versions 1.1 through 1.1.4, update to a version outside of this range. For Apache Archiva versions 1.2 through 1.2.2, update to a version outside of this range. For Apache Archiva versions 1.3 through 1.3.1, update to a version outside of this range. For Apache Continuum version 1.3.6, update to a version outside of this range. For Apache Continuum version 1.4.0, update to a version outside of this range. For Apache Continuum versions 1.1 through 1.2.3.1, update to a version outside of this range.