The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.

(Also, anonymous access can be achieved in applications that do not have a user login area). In Tautulli 2.1.9, CSRF in the /shutdown URI allows an attacker to shut down the remote media server.

Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 allows remote attackers to obtain sensitive information about cross-site request forgery (CSRF) verification tokens via a crafted URL.