CVE-2016-8737
Published: Sep 13, 2017
Modified: Sep 17, 2024
PUBLISHED
Description
In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site request forgery (CSRF), which could permit a malicious web site to produce a link which, if clicked whilst a user is logged in to Brooklyn, would cause the server to execute the attacker's commands as the user. There is known to be a proof-of-concept exploit using this vulnerability.
| Vendor | Product | Versions |
|---|---|---|
| Apache Software Foundation | Apache Brooklyn | affected 0.9.0 and all prior versions |
References
https://brooklyn.apache.org/community/security/CVE-2016-8737.html (x_refsource_CONFIRM)
96228 (vdb-entry, x_refsource_BID)
[dev] 20170210 [SECURITY] CVE-2016-8737: Cross-site request forgery vulnerability in Apache Brooklyn (mailing-list, x_refsource_MLIST)