CVE-2024-27140

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-27140
** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Archiva. This issue affects Apache Archiva: from 2.0.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. Alternatively, you could configure a HTTP proxy in front of your Archiva instance to only forward requests that do not have malicious characters in the URL. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVSS

No CVSS.

References
Link Resource
http://www.openwall.com/lists/oss-security/2024/03/01/2
https://lists.apache.org/thread/xrn6nt904ozh3jym60c3f5hj2fb75pjy
http://www.openwall.com/lists/oss-security/2024/03/01/2
https://lists.apache.org/thread/xrn6nt904ozh3jym60c3f5hj2fb75pjy
Configurations

No configuration.

History

21 Nov 2024, 09:03

Type Values Removed Values Added
References () http://www.openwall.com/lists/oss-security/2024/03/01/2 - () http://www.openwall.com/lists/oss-security/2024/03/01/2 -
References () https://lists.apache.org/thread/xrn6nt904ozh3jym60c3f5hj2fb75pjy - () https://lists.apache.org/thread/xrn6nt904ozh3jym60c3f5hj2fb75pjy -

01 May 2024, 18:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/03/01/2 -

21 Mar 2024, 02:52

Type Values Removed Values Added
Summary
  • (es) ** NO SOPORTADO CUANDO ESTÁ ASIGNADO ** Vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('cross-site Scripting') en Apache Archiva. Este problema afecta a Apache Archiva: desde 2.0.0. Como este proyecto está retirado, no planeamos lanzar una versión que solucione este problema. Se recomienda a los usuarios que busquen una alternativa o restrinjan el acceso a la instancia a usuarios confiables. Alternativamente, puede configurar un proxy HTTP frente a su instancia de Archiva para reenviar solo solicitudes que no tengan caracteres maliciosos en la URL. NOTA: Esta vulnerabilidad solo afecta a productos que ya no son compatibles con el fabricante.

01 Mar 2024, 16:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-03-01 16:15

Updated : 2024-11-21 09:03

NVD link : CVE-2024-27140

Mitre link : CVE-2024-27140

CVE.ORG link : CVE-2024-27140

JSON object : View

Products Affected

No product.

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024