Cross-site Request Forgery (CSRF) Affecting org.apache.jackrabbit:jackrabbit-webdav package, versions [2.4.0, 2.4.6) [2.6.0, 2.6.6) [2.8.0, 2.8.3) [2.10.0, 2.10.4) [2.12.0, 2.12.4) [2.13.0, 2.13.3)
Snyk CVSS
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-JAVA-ORGAPACHEJACKRABBIT-30654
- published 29 Aug 2016
- disclosed 29 Aug 2016
- credit Unknown
Introduced: 29 Aug 2016
CVE-2016-6801 Open this link in a new tabHow to fix?
Upgrade org.apache.jackrabbit:jackrabbit-webdav
to version 2.4.6, 2.6.6, 2.8.3, 2.10.4, 2.12.4, 2.13.3 or higher.
Overview
org.apache.jackrabbit:jackrabbit-webdav is a Generic WebDAV Library
Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF). Cross-site request forgery (CSRF) vulnerability in the CSRF content-type check in Jackrabbit-Webdav in Apache Jackrabbit 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.3, 2.10.x before 2.10.4, 2.12.x before 2.12.4, and 2.13.x before 2.13.3 allows remote attackers to hijack the authentication of unspecified victims for requests that create a resource via an HTTP POST request with a (1) missing or (2) crafted Content-Type header.