Vulnerability Information
Vulnerability Title
Apache Roller: Weakness in CSRF protection allows privilege escalation
Vulnerability Description
Cross-Site Request Forgery (CSRF) and privilege escalation vulnerability in Apache Roller. On multi-blog/user Roller websites, weblog owners are trusted by default to publish arbitrary weblog content, and this, combined with a deficiency in Roller's CSRF protections, allowed a privilege escalation attack. This issue affects Apache Roller before 6.1.4. Roller users who run multi-blog/user Roller websites are recommended to upgrade to version 6.1.4, which fixes the issue. Roller 6.1.4 release announcement: https://lists.apache.org/thread/3c3f6rwqptyw6wdc95654fq5vlosqdpw
CVSS Information
N/A
Vulnerability Type
Cross-Site Request Forgery (CSRF)
Vulnerability Title
Apache Roller Cross-Site Request Forgery Vulnerability
Vulnerability Description
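Apache Roller is a Java-based, multi-user, open-source blog system from the Apache Software Foundation (USA). Apache Roller versions before 6.1.4 contain a cross-site request forgery vulnerability. An attacker can exploit this vulnerability to escalate privileges.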
CVSS Information
N/A
Vulnerability Type
N/A