CVE-2024-27140

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-27140
** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Archiva. This issue affects Apache Archiva: from 2.0.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. Alternatively, you could configure a HTTP proxy in front of your Archiva instance to only forward requests that do not have malicious characters in the URL. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVSS

No CVSS.

References
Link Resource
http://www.openwall.com/lists/oss-security/2024/03/01/2
https://lists.apache.org/thread/xrn6nt904ozh3jym60c3f5hj2fb75pjy
Configurations

No configuration.

History

01 May 2024, 18:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/03/01/2 -

21 Mar 2024, 02:52

Type Values Removed Values Added
Summary
  • (es) ** NO SOPORTADO CUANDO ESTÁ ASIGNADO ** Vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('cross-site Scripting') en Apache Archiva. Este problema afecta a Apache Archiva: desde 2.0.0. Como este proyecto está retirado, no planeamos lanzar una versión que solucione este problema. Se recomienda a los usuarios que busquen una alternativa o restrinjan el acceso a la instancia a usuarios confiables. Alternativamente, puede configurar un proxy HTTP frente a su instancia de Archiva para reenviar solo solicitudes que no tengan caracteres maliciosos en la URL. NOTA: Esta vulnerabilidad solo afecta a productos que ya no son compatibles con el fabricante.

01 Mar 2024, 16:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-03-01 16:15

Updated : 2024-08-05 21:15

NVD link : CVE-2024-27140

Mitre link : CVE-2024-27140

CVE.ORG link : CVE-2024-27140

JSON object : View

Products Affected

No product.

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')