Vulnerabilites related to apache - roller
CVE-2012-2381 (GCVE-0-2012-2381)
Vulnerability from cvelistv5
Published
2012-06-26 10:00
Modified
2024-09-17 02:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
References
| ▼ | URL | Tags |
|---|---|---|
| http://archives.neohapsis.com/archives/fulldisclosure/2012-06/0377.html | mailing-list, x_refsource_FULLDISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:34:25.234Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20120624 CVE-2012-2381: Apache Roller Cross-Site-Scripting (XSS) vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-06/0377.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-06-26T10:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "20120624 CVE-2012-2381: Apache Roller Cross-Site-Scripting (XSS) vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-06/0377.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2381",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20120624 CVE-2012-2381: Apache Roller Cross-Site-Scripting (XSS) vulnerability",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-06/0377.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-2381",
"datePublished": "2012-06-26T10:00:00Z",
"dateReserved": "2012-04-19T00:00:00Z",
"dateUpdated": "2024-09-17T02:07:14.266Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4212 (GCVE-0-2013-4212)
Vulnerability from cvelistv5
Published
2013-12-07 20:00
Modified
2024-08-06 16:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Certain getText methods in the ActionSupport controller in Apache Roller before 5.0.2 allow remote attackers to execute arbitrary OGNL expressions via the first or second parameter, as demonstrated by the pageTitle parameter in the !getPageTitle sub-URL to roller-ui/login.rol, which uses a subclass of UIAction, aka "OGNL Injection."
References
| ▼ | URL | Tags |
|---|---|---|
| http://rollerweblogger.org/project/entry/apache_roller_5_0_2 | x_refsource_CONFIRM | |
| http://www.osvdb.org/100342 | vdb-entry, x_refsource_OSVDB | |
| http://www.exploit-db.com/exploits/29859 | exploit, x_refsource_EXPLOIT-DB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/89239 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/55862 | third-party-advisory, x_refsource_SECUNIA | |
| http://security.coverity.com/advisory/2013/Oct/remote-code-execution-in-apache-roller-via-ognl-injection.html | x_refsource_MISC | |
| http://secunia.com/advisories/55877 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:38:01.417Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://rollerweblogger.org/project/entry/apache_roller_5_0_2"
},
{
"name": "100342",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/100342"
},
{
"name": "29859",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/29859"
},
{
"name": "apache-roller-cve20134212-command-exec(89239)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89239"
},
{
"name": "55862",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/55862"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://security.coverity.com/advisory/2013/Oct/remote-code-execution-in-apache-roller-via-ognl-injection.html"
},
{
"name": "55877",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/55877"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-10-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Certain getText methods in the ActionSupport controller in Apache Roller before 5.0.2 allow remote attackers to execute arbitrary OGNL expressions via the first or second parameter, as demonstrated by the pageTitle parameter in the !getPageTitle sub-URL to roller-ui/login.rol, which uses a subclass of UIAction, aka \"OGNL Injection.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://rollerweblogger.org/project/entry/apache_roller_5_0_2"
},
{
"name": "100342",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/100342"
},
{
"name": "29859",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/29859"
},
{
"name": "apache-roller-cve20134212-command-exec(89239)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89239"
},
{
"name": "55862",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/55862"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://security.coverity.com/advisory/2013/Oct/remote-code-execution-in-apache-roller-via-ognl-injection.html"
},
{
"name": "55877",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/55877"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4212",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Certain getText methods in the ActionSupport controller in Apache Roller before 5.0.2 allow remote attackers to execute arbitrary OGNL expressions via the first or second parameter, as demonstrated by the pageTitle parameter in the !getPageTitle sub-URL to roller-ui/login.rol, which uses a subclass of UIAction, aka \"OGNL Injection.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://rollerweblogger.org/project/entry/apache_roller_5_0_2",
"refsource": "CONFIRM",
"url": "http://rollerweblogger.org/project/entry/apache_roller_5_0_2"
},
{
"name": "100342",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/100342"
},
{
"name": "29859",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/29859"
},
{
"name": "apache-roller-cve20134212-command-exec(89239)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89239"
},
{
"name": "55862",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55862"
},
{
"name": "http://security.coverity.com/advisory/2013/Oct/remote-code-execution-in-apache-roller-via-ognl-injection.html",
"refsource": "MISC",
"url": "http://security.coverity.com/advisory/2013/Oct/remote-code-execution-in-apache-roller-via-ognl-injection.html"
},
{
"name": "55877",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55877"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4212",
"datePublished": "2013-12-07T20:00:00",
"dateReserved": "2013-06-12T00:00:00",
"dateUpdated": "2024-08-06T16:38:01.417Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-46911 (GCVE-0-2024-46911)
Vulnerability from cvelistv5
Published
2024-10-14 08:13
Modified
2024-11-01 17:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Summary
Cross-site Resource Forgery (CSRF), Privilege escalation vulnerability in Apache Roller. On multi-blog/user Roller websites, by default weblog owners are trusted to publish arbitrary weblog content and this combined with a deficiency in Roller's CSRF protections allowed an escalation of privileges attack. This issue affects Apache Roller before 6.1.4.
Roller users who run multi-blog/user Roller websites are recommended to upgrade to version 6.1.4, which fixes the issue.
Roller 6.1.4 release announcement: https://lists.apache.org/thread/3c3f6rwqptyw6wdc95654fq5vlosqdpw
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.apache.org/thread/6m0ghjo9j92qty00t2qb6qf2spds0p5t | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Roller |
Version: 1.0.0 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-10-14T09:03:17.746Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/10/12/1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-46911",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T15:44:51.146602Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-01T17:06:11.070Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "org.apache.roller",
"product": "Apache Roller",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "6.1.4",
"status": "affected",
"version": "1.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Chi Tran from EEVEE"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCross-site Resource Forgery (CSRF), Privilege escalation vulnerability in Apache Roller. On multi-blog/user Roller websites, by default weblog owners are trusted to publish arbitrary weblog content and this combined with a deficiency in Roller\u0027s CSRF protections allowed an escalation of privileges attack. This issue affects Apache Roller before 6.1.4.\u003c/p\u003e\u003cp\u003eRoller users who run multi-blog/user Roller websites are recommended to upgrade to version 6.1.4, which fixes the issue.\u003c/p\u003eRoller 6.1.4 release announcement:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://lists.apache.org/thread/3c3f6rwqptyw6wdc95654fq5vlosqdpw\"\u003ehttps://lists.apache.org/thread/3c3f6rwqptyw6wdc95654fq5vlosqdpw\u003c/a\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Cross-site Resource Forgery (CSRF), Privilege escalation vulnerability in Apache Roller. On multi-blog/user Roller websites, by default weblog owners are trusted to publish arbitrary weblog content and this combined with a deficiency in Roller\u0027s CSRF protections allowed an escalation of privileges attack. This issue affects Apache Roller before 6.1.4.\n\nRoller users who run multi-blog/user Roller websites are recommended to upgrade to version 6.1.4, which fixes the issue.\n\nRoller 6.1.4 release announcement:\u00a0 https://lists.apache.org/thread/3c3f6rwqptyw6wdc95654fq5vlosqdpw"
}
],
"metrics": [
{
"other": {
"content": {
"text": "important"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-14T08:13:05.578Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/6m0ghjo9j92qty00t2qb6qf2spds0p5t"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Apache Roller: Weakness in CSRF protection allows privilege escalation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-46911",
"datePublished": "2024-10-14T08:13:05.578Z",
"dateReserved": "2024-09-15T18:44:35.231Z",
"dateUpdated": "2024-11-01T17:06:11.070Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6879 (GCVE-0-2008-6879)
Vulnerability from cvelistv5
Published
2009-07-30 19:00
Modified
2024-09-17 04:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/31523 | third-party-advisory, x_refsource_SECUNIA | |
| http://osvdb.org/51151 | vdb-entry, x_refsource_OSVDB | |
| http://svn.apache.org/viewvc?view=rev&revision=668737 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/33110 | vdb-entry, x_refsource_BID | |
| http://issues.apache.org/roller/browse/ROL-1766 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:49:01.689Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "31523",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31523"
},
{
"name": "51151",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/51151"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.apache.org/viewvc?view=rev\u0026revision=668737"
},
{
"name": "33110",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/33110"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://issues.apache.org/roller/browse/ROL-1766"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-07-30T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "31523",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31523"
},
{
"name": "51151",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/51151"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.apache.org/viewvc?view=rev\u0026revision=668737"
},
{
"name": "33110",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/33110"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://issues.apache.org/roller/browse/ROL-1766"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6879",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "31523",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31523"
},
{
"name": "51151",
"refsource": "OSVDB",
"url": "http://osvdb.org/51151"
},
{
"name": "http://svn.apache.org/viewvc?view=rev\u0026revision=668737",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?view=rev\u0026revision=668737"
},
{
"name": "33110",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33110"
},
{
"name": "http://issues.apache.org/roller/browse/ROL-1766",
"refsource": "CONFIRM",
"url": "http://issues.apache.org/roller/browse/ROL-1766"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6879",
"datePublished": "2009-07-30T19:00:00Z",
"dateReserved": "2009-07-30T00:00:00Z",
"dateUpdated": "2024-09-17T04:14:44.985Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-24859 (GCVE-0-2025-24859)
Vulnerability from cvelistv5
Published
2025-04-14 08:18
Modified
2025-04-18 15:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-613 - Insufficient Session Expiration
Summary
A session management vulnerability exists in Apache Roller before version 6.1.5 where active user sessions are not properly invalidated after password changes. When a user's password is changed, either by the user themselves or by an administrator, existing sessions remain active and usable. This allows continued access to the application through old sessions even after password changes, potentially enabling unauthorized access if credentials were compromised.
This issue affects Apache Roller versions up to and including 6.1.4.
The vulnerability is fixed in Apache Roller 6.1.5 by implementing centralized session management that properly invalidates all active sessions when passwords are changed or users are disabled.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.apache.org/thread/vxv52vdr8nhtjlj6v02w43fdvo0cxw23 | release-notes | |
| https://lists.apache.org/thread/4j906k16v21kdx8hk87gl7663sw7lg7f | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Roller |
Version: 1.0.0 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-04-14T09:04:02.586Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/04/11/1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24859",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-17T03:55:31.264Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Roller",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "6.1.5",
"status": "affected",
"version": "1.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Haining Meng"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\u003cpre\u003e\u003ccode\u003eA session management vulnerability exists in Apache Roller before version 6.1.5 where active user sessions are not properly invalidated after password changes. When a user\u0027s password is changed, either by the user themselves or by an administrator, existing sessions remain active and usable. This allows continued access to the application through old sessions even after password changes, potentially enabling unauthorized access if credentials were compromised.\n\nThis issue affects Apache Roller versions up to and including 6.1.4.\n\nThe vulnerability is fixed in Apache Roller 6.1.5 by implementing centralized session management that properly invalidates all active sessions when passwords are changed or users are disabled.\n\u003c/code\u003e\u003c/pre\u003e\u003cbr\u003e\u003cbr\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "A session management vulnerability exists in Apache Roller before version 6.1.5 where active user sessions are not properly invalidated after password changes. When a user\u0027s password is changed, either by the user themselves or by an administrator, existing sessions remain active and usable. This allows continued access to the application through old sessions even after password changes, potentially enabling unauthorized access if credentials were compromised.\n\nThis issue affects Apache Roller versions up to and including 6.1.4.\n\nThe vulnerability is fixed in Apache Roller 6.1.5 by implementing centralized session management that properly invalidates all active sessions when passwords are changed or users are disabled."
}
],
"metrics": [
{
"other": {
"content": {
"text": "low"
},
"type": "Textual description of severity"
}
},
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NEGLIGIBLE",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 2.1,
"baseSeverity": "LOW",
"privilegesRequired": "HIGH",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/S:N/AU:N/R:U/RE:L/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "LOW"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "important"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "CWE-613 Insufficient Session Expiration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-18T15:26:06.137Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://lists.apache.org/thread/vxv52vdr8nhtjlj6v02w43fdvo0cxw23"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/4j906k16v21kdx8hk87gl7663sw7lg7f"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache Roller: Insufficient Session Expiration on Password Change",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2025-24859",
"datePublished": "2025-04-14T08:18:54.729Z",
"dateReserved": "2025-01-26T22:17:14.419Z",
"dateUpdated": "2025-04-18T15:26:06.137Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33580 (GCVE-0-2021-33580)
Vulnerability from cvelistv5
Published
2021-08-18 07:50
Modified
2024-08-03 23:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-400 - Uncontrolled Resource Consumption
Summary
User controlled `request.getHeader("Referer")`, `request.getRequestURL()` and `request.getQueryString()` are used to build and run a regex expression. The attacker doesn't have to use a browser and may send a specially crafted Referer header programmatically. Since the attacker controls the string and the regex pattern he may cause a ReDoS by regex catastrophic backtracking on the server side. This problem has been fixed in Roller 6.0.2.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.apache.org/thread.html/r9d967d80af941717573e531db2c7353a90bfd0886e9b5d5d79f75506%40%3Cuser.roller.apache.org%3E | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2021/08/18/1 | mailing-list, x_refsource_MLIST |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Roller |
Version: Apache Roller < 6.0.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:50:43.188Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r9d967d80af941717573e531db2c7353a90bfd0886e9b5d5d79f75506%40%3Cuser.roller.apache.org%3E"
},
{
"name": "[oss-security] 20210817 CVE-2021-33580: Apache Roller: regex injection leading to DoS",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/08/18/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Roller",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "6.0.2",
"status": "affected",
"version": "Apache Roller",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Apache Roller would like to thank Ed Ra (https://github.com/edvraa) for reporting this."
}
],
"descriptions": [
{
"lang": "en",
"value": "User controlled `request.getHeader(\"Referer\")`, `request.getRequestURL()` and `request.getQueryString()` are used to build and run a regex expression. The attacker doesn\u0027t have to use a browser and may send a specially crafted Referer header programmatically. Since the attacker controls the string and the regex pattern he may cause a ReDoS by regex catastrophic backtracking on the server side. This problem has been fixed in Roller 6.0.2."
}
],
"metrics": [
{
"other": {
"content": {
"other": "Low: This attack will only work if Banned-words Referrer processing is turned on in Roller and it is off-by-default."
},
"type": "unknown"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-18T08:06:23",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/r9d967d80af941717573e531db2c7353a90bfd0886e9b5d5d79f75506%40%3Cuser.roller.apache.org%3E"
},
{
"name": "[oss-security] 20210817 CVE-2021-33580: Apache Roller: regex injection leading to DoS",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/08/18/1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "regex injection leading to DoS",
"workarounds": [
{
"lang": "en",
"value": "This problem has been fixed in Roller 6.0.2. If you are not able to upgrade then you can \"work around\" the problem.\n\nIf Banned-Words Referrer processing is enabled and you are concerned about this type of attack then disable it.\n\nIn the Roller properties, set this property site.bannedwordslist.enable.referrers=false"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2021-33580",
"STATE": "PUBLIC",
"TITLE": "regex injection leading to DoS"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Roller",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "Apache Roller",
"version_value": "6.0.2"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Apache Roller would like to thank Ed Ra (https://github.com/edvraa) for reporting this."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "User controlled `request.getHeader(\"Referer\")`, `request.getRequestURL()` and `request.getQueryString()` are used to build and run a regex expression. The attacker doesn\u0027t have to use a browser and may send a specially crafted Referer header programmatically. Since the attacker controls the string and the regex pattern he may cause a ReDoS by regex catastrophic backtracking on the server side. This problem has been fixed in Roller 6.0.2."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": [
{
"other": "Low: This attack will only work if Banned-words Referrer processing is turned on in Roller and it is off-by-default."
}
],
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.apache.org/thread.html/r9d967d80af941717573e531db2c7353a90bfd0886e9b5d5d79f75506%40%3Cuser.roller.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/r9d967d80af941717573e531db2c7353a90bfd0886e9b5d5d79f75506%40%3Cuser.roller.apache.org%3E"
},
{
"name": "[oss-security] 20210817 CVE-2021-33580: Apache Roller: regex injection leading to DoS",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/08/18/1"
}
]
},
"source": {
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "en",
"value": "This problem has been fixed in Roller 6.0.2. If you are not able to upgrade then you can \"work around\" the problem.\n\nIf Banned-Words Referrer processing is enabled and you are concerned about this type of attack then disable it.\n\nIn the Roller properties, set this property site.bannedwordslist.enable.referrers=false"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2021-33580",
"datePublished": "2021-08-18T07:50:10",
"dateReserved": "2021-05-26T00:00:00",
"dateUpdated": "2024-08-03T23:50:43.188Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-37581 (GCVE-0-2023-37581)
Vulnerability from cvelistv5
Published
2023-08-06 07:21
Modified
2024-10-01 18:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Insufficient input validation and sanitation in Weblog Category name, Website About and File Upload features in all versions of Apache Roller on all platforms allows an authenticated user to perform an XSS attack. Mitigation: if you do not have Roller configured for untrusted users, then you need to do nothing because you trust your users to author raw HTML and other web content. If you are running with untrusted users then you should upgrade to Roller 6.1.2 and you should disable Roller's File Upload feature.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Roller |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:16:30.884Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.apache.org/thread/n9mjhhlm7z7b7to646tkvf3otkf21flp"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2023/08/16/1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-37581",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-01T18:19:27.860402Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-01T18:19:40.307Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Apache Roller",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "6.1.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "SecureLayer7 Technologies Pvt Ltd"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eInsufficient input validation and sanitation in Weblog Category name, Website About and File Upload features in all versions of Apache Roller on all platforms allows an authenticated user to perform an XSS attack. \u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eMitigation: if you do not have Roller configured for untrusted users, then you need to do nothing because you trust your users to author raw HTML and other web content. If you are running with untrusted users then you should upgrade to Roller 6.1.2 and you should disable Roller\u0027s File Upload feature.\u2003\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "Insufficient input validation and sanitation in Weblog Category name, Website About and File Upload features in all versions of Apache Roller on all platforms allows an authenticated user to perform an XSS attack. Mitigation: if you do not have Roller configured for untrusted users, then you need to do nothing because you trust your users to author raw HTML and other web content. If you are running with untrusted users then you should upgrade to Roller 6.1.2 and you should disable Roller\u0027s File Upload feature.\u2003\n\n"
}
],
"metrics": [
{
"other": {
"content": {
"text": "important"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-24T08:15:24.347Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/n9mjhhlm7z7b7to646tkvf3otkf21flp"
},
{
"url": "https://www.openwall.com/lists/oss-security/2023/08/16/1"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Apache Roller: Roller\u0027s weblog category, weblog settings and file-upload features did not properly sanitize input could be exploited to perform Reflected Cross Site Scripting (XSS) even on a Roller site configured for untrusted users.",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2023-37581",
"datePublished": "2023-08-06T07:21:04.307Z",
"dateReserved": "2023-07-08T21:24:01.872Z",
"dateUpdated": "2024-10-01T18:19:40.307Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-25090 (GCVE-0-2024-25090)
Vulnerability from cvelistv5
Published
2024-07-26 08:36
Modified
2025-03-14 16:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Insufficient input validation and sanitation in Profile name & screenname, Bookmark name & description and blogroll name features in all versions of Apache Roller on all platforms allows an authenticated user to perform an XSS attack. Mitigation: if you do not have Roller configured for untrusted users, then you need to do nothing because you trust your users to author raw HTML and other web content. If you are running with untrusted users then you should upgrade to Roller 6.1.3.
This issue affects Apache Roller: from 5.0.0 before 6.1.3.
Users are recommended to upgrade to version 6.1.3, which fixes the issue.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.apache.org/thread/lb50jqyxwf8jrfpydl6dc5zpqtpgrrwd | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Roller |
Version: 5.0.0 ≤ |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-25090",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-26T17:40:05.341591Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-14T16:11:12.779Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-09-13T17:04:09.438Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.apache.org/thread/lb50jqyxwf8jrfpydl6dc5zpqtpgrrwd"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/07/25/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Roller",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "6.1.3",
"status": "affected",
"version": "5.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Jacob Hazak"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eInsufficient input validation and sanitation in Profile name \u0026amp; screenname, Bookmark name \u0026amp; description and blogroll name features in all versions of Apache Roller on all platforms allows an authenticated user to perform an XSS attack. Mitigation: if you do not have Roller configured for untrusted users, then you need to do nothing because you trust your users to author raw HTML and other web content. If you are running with untrusted users then you should upgrade to Roller 6.1.3.\u003c/p\u003e\u003cp\u003eThis issue affects Apache Roller: from 5.0.0 before 6.1.3.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 6.1.3, which fixes the issue.\u003c/p\u003e"
}
],
"value": "Insufficient input validation and sanitation in Profile name \u0026 screenname, Bookmark name \u0026 description and blogroll name features in all versions of Apache Roller on all platforms allows an authenticated user to perform an XSS attack. Mitigation: if you do not have Roller configured for untrusted users, then you need to do nothing because you trust your users to author raw HTML and other web content. If you are running with untrusted users then you should upgrade to Roller 6.1.3.\n\nThis issue affects Apache Roller: from 5.0.0 before 6.1.3.\n\nUsers are recommended to upgrade to version 6.1.3, which fixes the issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "low"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-26T08:36:47.021Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/lb50jqyxwf8jrfpydl6dc5zpqtpgrrwd"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Apache Roller: Insufficient input validation for some user profile and bookmark fields when Roller in untested-users mode",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-25090",
"datePublished": "2024-07-26T08:36:47.021Z",
"dateReserved": "2024-02-04T23:11:19.147Z",
"dateUpdated": "2025-03-14T16:11:12.779Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-0249 (GCVE-0-2015-0249)
Vulnerability from cvelistv5
Published
2017-07-14 20:00
Modified
2024-08-06 04:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The weblog page template in Apache Roller 5.1 through 5.1.1 allows remote authenticated users with admin privileges for a weblog to execute arbitrary Java code via crafted Velocity Text Language (aka VTL).
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2015/03/30/13 | mailing-list, x_refsource_MLIST | |
| https://mail-archives.apache.org/mod_mbox/roller-user/201503.mbox/%3CCAF1aazAPWTduVhrPr7WiFaspFdsh21yf0YiSB3UmLjtDVGnfXw%40mail.gmail.com%3E | x_refsource_CONFIRM | |
| http://cve.killedkenny.io/cve/CVE-2015-0249 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:03:10.450Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20150330 Fwd: CVE-2015-0249: Apache Roller allows admin users to execute arbitrary Java code",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/03/30/13"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://mail-archives.apache.org/mod_mbox/roller-user/201503.mbox/%3CCAF1aazAPWTduVhrPr7WiFaspFdsh21yf0YiSB3UmLjtDVGnfXw%40mail.gmail.com%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://cve.killedkenny.io/cve/CVE-2015-0249"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The weblog page template in Apache Roller 5.1 through 5.1.1 allows remote authenticated users with admin privileges for a weblog to execute arbitrary Java code via crafted Velocity Text Language (aka VTL)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-14T19:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20150330 Fwd: CVE-2015-0249: Apache Roller allows admin users to execute arbitrary Java code",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/03/30/13"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://mail-archives.apache.org/mod_mbox/roller-user/201503.mbox/%3CCAF1aazAPWTduVhrPr7WiFaspFdsh21yf0YiSB3UmLjtDVGnfXw%40mail.gmail.com%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://cve.killedkenny.io/cve/CVE-2015-0249"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-0249",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The weblog page template in Apache Roller 5.1 through 5.1.1 allows remote authenticated users with admin privileges for a weblog to execute arbitrary Java code via crafted Velocity Text Language (aka VTL)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20150330 Fwd: CVE-2015-0249: Apache Roller allows admin users to execute arbitrary Java code",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/03/30/13"
},
{
"name": "https://mail-archives.apache.org/mod_mbox/roller-user/201503.mbox/%3CCAF1aazAPWTduVhrPr7WiFaspFdsh21yf0YiSB3UmLjtDVGnfXw@mail.gmail.com%3E",
"refsource": "CONFIRM",
"url": "https://mail-archives.apache.org/mod_mbox/roller-user/201503.mbox/%3CCAF1aazAPWTduVhrPr7WiFaspFdsh21yf0YiSB3UmLjtDVGnfXw@mail.gmail.com%3E"
},
{
"name": "http://cve.killedkenny.io/cve/CVE-2015-0249",
"refsource": "MISC",
"url": "http://cve.killedkenny.io/cve/CVE-2015-0249"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-0249",
"datePublished": "2017-07-14T20:00:00",
"dateReserved": "2014-11-18T00:00:00",
"dateUpdated": "2024-08-06T04:03:10.450Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-0234 (GCVE-0-2019-0234)
Vulnerability from cvelistv5
Published
2019-07-15 21:13
Modified
2024-08-04 17:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information Disclosure
Summary
A Reflected Cross-site Scripting (XSS) vulnerability exists in Apache Roller. Roller's Math Comment Authenticator did not property sanitize user input and could be exploited to perform Reflected Cross Site Scripting (XSS). The mitigation for this vulnerability is to upgrade to the latest version of Roller, which is now Roller 5.2.3.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache | Apache Roller |
Version: Roller 5.2 Version: 5.2.1 Version: 5.2.2. The unsupported pre-Roller 5.1 versions may also be affected. |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:44:15.970Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/26cdef3fa8a8fa7fcbb99320aa860836ead124b414c654a4d12674cf%40%3Cdev.roller.apache.org%3E"
},
{
"name": "[roller-user] 20210830 Fwd: [CVE-2019-0234] Reflected Cross-site Scripting (XSS) Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r81a61626d03a11e610c4fbf641f19a6075a0d082906388826829663d%40%3Cuser.roller.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Roller",
"vendor": "Apache",
"versions": [
{
"status": "affected",
"version": "Roller 5.2"
},
{
"status": "affected",
"version": "5.2.1"
},
{
"status": "affected",
"version": "5.2.2. The unsupported pre-Roller 5.1 versions may also be affected."
}
]
}
],
"datePublic": "2019-07-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A Reflected Cross-site Scripting (XSS) vulnerability exists in Apache Roller. Roller\u0027s Math Comment Authenticator did not property sanitize user input and could be exploited to perform Reflected Cross Site Scripting (XSS). The mitigation for this vulnerability is to upgrade to the latest version of Roller, which is now Roller 5.2.3."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-30T20:06:12",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://lists.apache.org/thread.html/26cdef3fa8a8fa7fcbb99320aa860836ead124b414c654a4d12674cf%40%3Cdev.roller.apache.org%3E"
},
{
"name": "[roller-user] 20210830 Fwd: [CVE-2019-0234] Reflected Cross-site Scripting (XSS) Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r81a61626d03a11e610c4fbf641f19a6075a0d082906388826829663d%40%3Cuser.roller.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2019-0234",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Roller",
"version": {
"version_data": [
{
"version_value": "Roller 5.2"
},
{
"version_value": "5.2.1"
},
{
"version_value": "5.2.2. The unsupported pre-Roller 5.1 versions may also be affected."
}
]
}
}
]
},
"vendor_name": "Apache"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Reflected Cross-site Scripting (XSS) vulnerability exists in Apache Roller. Roller\u0027s Math Comment Authenticator did not property sanitize user input and could be exploited to perform Reflected Cross Site Scripting (XSS). The mitigation for this vulnerability is to upgrade to the latest version of Roller, which is now Roller 5.2.3."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.apache.org/thread.html/26cdef3fa8a8fa7fcbb99320aa860836ead124b414c654a4d12674cf@%3Cdev.roller.apache.org%3E",
"refsource": "CONFIRM",
"url": "https://lists.apache.org/thread.html/26cdef3fa8a8fa7fcbb99320aa860836ead124b414c654a4d12674cf@%3Cdev.roller.apache.org%3E"
},
{
"name": "[roller-user] 20210830 Fwd: [CVE-2019-0234] Reflected Cross-site Scripting (XSS) Vulnerability",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r81a61626d03a11e610c4fbf641f19a6075a0d082906388826829663d@%3Cuser.roller.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2019-0234",
"datePublished": "2019-07-15T21:13:14",
"dateReserved": "2018-11-14T00:00:00",
"dateUpdated": "2024-08-04T17:44:15.970Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4171 (GCVE-0-2013-4171)
Vulnerability from cvelistv5
Published
2013-12-07 20:00
Modified
2024-08-06 16:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to the search results in the (1) RSS and (2) Atom feed templates.
References
| ▼ | URL | Tags |
|---|---|---|
| http://rollerweblogger.org/project/entry/apache_roller_5_0_2 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/55862 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/advisories/55877 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:38:00.165Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://rollerweblogger.org/project/entry/apache_roller_5_0_2"
},
{
"name": "55862",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/55862"
},
{
"name": "55877",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/55877"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-11-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to the search results in the (1) RSS and (2) Atom feed templates."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-12-07T19:57:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://rollerweblogger.org/project/entry/apache_roller_5_0_2"
},
{
"name": "55862",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/55862"
},
{
"name": "55877",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/55877"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4171",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to the search results in the (1) RSS and (2) Atom feed templates."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://rollerweblogger.org/project/entry/apache_roller_5_0_2",
"refsource": "CONFIRM",
"url": "http://rollerweblogger.org/project/entry/apache_roller_5_0_2"
},
{
"name": "55862",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55862"
},
{
"name": "55877",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55877"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4171",
"datePublished": "2013-12-07T20:00:00",
"dateReserved": "2013-06-12T00:00:00",
"dateUpdated": "2024-08-06T16:38:00.165Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17198 (GCVE-0-2018-17198)
Vulnerability from cvelistv5
Published
2019-05-28 17:08
Modified
2024-08-05 10:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information Disclosure
Summary
Server-side Request Forgery (SSRF) and File Enumeration vulnerability in Apache Roller 5.2.1, 5.2.0 and earlier unsupported versions relies on Java SAX Parser to implement its XML-RPC interface and by default that parser supports external entities in XML DOCTYPE, which opens Roller up to SSRF / File Enumeration vulnerability. Note that this vulnerability exists even if Roller XML-RPC interface is disable via the Roller web admin UI. Mitigation: There are a couple of ways you can fix this vulnerability: 1) Upgrade to the latest version of Roller, which is now 5.2.2 2) Or, edit the Roller web.xml file and comment out the XML-RPC Servlet mapping as shown below: <!-- <servlet-mapping> <servlet-name>XmlRpcServlet</servlet-name> <url-pattern>/roller-services/xmlrpc</url-pattern> </servlet-mapping> -->
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.apache.org/thread.html/94a36ed9c6241558b1c6181d8dd4ff263be7903abd1d20067d4330d5%40%3Cdev.roller.apache.org%3E | x_refsource_MISC | |
| http://www.securityfocus.com/bid/108496 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Roller |
Version: 5.2.1 Version: 5.2.0 Version: earlier unsupported versions |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:47:03.755Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/94a36ed9c6241558b1c6181d8dd4ff263be7903abd1d20067d4330d5%40%3Cdev.roller.apache.org%3E"
},
{
"name": "108496",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108496"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Roller",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "5.2.1"
},
{
"status": "affected",
"version": "5.2.0"
},
{
"status": "affected",
"version": "earlier unsupported versions"
}
]
}
],
"datePublic": "2019-01-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Server-side Request Forgery (SSRF) and File Enumeration vulnerability in Apache Roller 5.2.1, 5.2.0 and earlier unsupported versions relies on Java SAX Parser to implement its XML-RPC interface and by default that parser supports external entities in XML DOCTYPE, which opens Roller up to SSRF / File Enumeration vulnerability. Note that this vulnerability exists even if Roller XML-RPC interface is disable via the Roller web admin UI. Mitigation: There are a couple of ways you can fix this vulnerability: 1) Upgrade to the latest version of Roller, which is now 5.2.2 2) Or, edit the Roller web.xml file and comment out the XML-RPC Servlet mapping as shown below: \u003c!-- \u003cservlet-mapping\u003e \u003cservlet-name\u003eXmlRpcServlet\u003c/servlet-name\u003e \u003curl-pattern\u003e/roller-services/xmlrpc\u003c/url-pattern\u003e \u003c/servlet-mapping\u003e --\u003e"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-29T12:06:02",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/94a36ed9c6241558b1c6181d8dd4ff263be7903abd1d20067d4330d5%40%3Cdev.roller.apache.org%3E"
},
{
"name": "108496",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108496"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2018-17198",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Roller",
"version": {
"version_data": [
{
"version_value": "5.2.1"
},
{
"version_value": "5.2.0"
},
{
"version_value": "earlier unsupported versions"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Server-side Request Forgery (SSRF) and File Enumeration vulnerability in Apache Roller 5.2.1, 5.2.0 and earlier unsupported versions relies on Java SAX Parser to implement its XML-RPC interface and by default that parser supports external entities in XML DOCTYPE, which opens Roller up to SSRF / File Enumeration vulnerability. Note that this vulnerability exists even if Roller XML-RPC interface is disable via the Roller web admin UI. Mitigation: There are a couple of ways you can fix this vulnerability: 1) Upgrade to the latest version of Roller, which is now 5.2.2 2) Or, edit the Roller web.xml file and comment out the XML-RPC Servlet mapping as shown below: \u003c!-- \u003cservlet-mapping\u003e \u003cservlet-name\u003eXmlRpcServlet\u003c/servlet-name\u003e \u003curl-pattern\u003e/roller-services/xmlrpc\u003c/url-pattern\u003e \u003c/servlet-mapping\u003e --\u003e"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.apache.org/thread.html/94a36ed9c6241558b1c6181d8dd4ff263be7903abd1d20067d4330d5@%3Cdev.roller.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/94a36ed9c6241558b1c6181d8dd4ff263be7903abd1d20067d4330d5@%3Cdev.roller.apache.org%3E"
},
{
"name": "108496",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108496"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2018-17198",
"datePublished": "2019-05-28T17:08:11",
"dateReserved": "2018-09-19T00:00:00",
"dateUpdated": "2024-08-05T10:47:03.755Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2380 (GCVE-0-2012-2380)
Vulnerability from cvelistv5
Published
2012-06-26 10:00
Modified
2024-09-16 18:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
References
| ▼ | URL | Tags |
|---|---|---|
| http://archives.neohapsis.com/archives/fulldisclosure/2012-06/0376.html | mailing-list, x_refsource_FULLDISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:34:23.938Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20120624 CVE-2012-2380: Apache Roller Cross-Site-Resource-Forgery (XSRF) vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-06/0376.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-06-26T10:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "20120624 CVE-2012-2380: Apache Roller Cross-Site-Resource-Forgery (XSRF) vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-06/0376.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2380",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20120624 CVE-2012-2380: Apache Roller Cross-Site-Resource-Forgery (XSRF) vulnerability",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-06/0376.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-2380",
"datePublished": "2012-06-26T10:00:00Z",
"dateReserved": "2012-04-19T00:00:00Z",
"dateUpdated": "2024-09-16T18:54:28.746Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0030 (GCVE-0-2014-0030)
Vulnerability from cvelistv5
Published
2017-10-09 14:00
Modified
2024-08-06 08:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The XML-RPC protocol support in Apache Roller before 5.0.3 allows attackers to conduct XML External Entity (XXE) attacks via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.exploit-db.com/exploits/45341/ | exploit, x_refsource_EXPLOIT-DB | |
| https://liftsecurity.io/advisories/Apache_Roller_XML-RPC_susceptible_to_XXE/ | x_refsource_CONFIRM | |
| https://mail-archives.apache.org/mod_mbox/roller-dev/201401.mbox/%3CCAF1aazCMzDGB12Ls4t-SOwNA=OdguD010LX3yZGhk2GQHafFXw%40mail.gmail.com%3E | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:58:26.523Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "45341",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45341/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://liftsecurity.io/advisories/Apache_Roller_XML-RPC_susceptible_to_XXE/"
},
{
"name": "[roller-dev] 20140111 CVE-2014-0030 Apache Roller XML-RPC susceptible to XML Entended Entity attacks",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://mail-archives.apache.org/mod_mbox/roller-dev/201401.mbox/%3CCAF1aazCMzDGB12Ls4t-SOwNA=OdguD010LX3yZGhk2GQHafFXw%40mail.gmail.com%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-01-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The XML-RPC protocol support in Apache Roller before 5.0.3 allows attackers to conduct XML External Entity (XXE) attacks via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-08T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "45341",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45341/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://liftsecurity.io/advisories/Apache_Roller_XML-RPC_susceptible_to_XXE/"
},
{
"name": "[roller-dev] 20140111 CVE-2014-0030 Apache Roller XML-RPC susceptible to XML Entended Entity attacks",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://mail-archives.apache.org/mod_mbox/roller-dev/201401.mbox/%3CCAF1aazCMzDGB12Ls4t-SOwNA=OdguD010LX3yZGhk2GQHafFXw%40mail.gmail.com%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0030",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The XML-RPC protocol support in Apache Roller before 5.0.3 allows attackers to conduct XML External Entity (XXE) attacks via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45341",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45341/"
},
{
"name": "https://liftsecurity.io/advisories/Apache_Roller_XML-RPC_susceptible_to_XXE/",
"refsource": "CONFIRM",
"url": "https://liftsecurity.io/advisories/Apache_Roller_XML-RPC_susceptible_to_XXE/"
},
{
"name": "[roller-dev] 20140111 CVE-2014-0030 Apache Roller XML-RPC susceptible to XML Entended Entity attacks",
"refsource": "MLIST",
"url": "https://mail-archives.apache.org/mod_mbox/roller-dev/201401.mbox/%3CCAF1aazCMzDGB12Ls4t-SOwNA=OdguD010LX3yZGhk2GQHafFXw@mail.gmail.com%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-0030",
"datePublished": "2017-10-09T14:00:00",
"dateReserved": "2013-12-03T00:00:00",
"dateUpdated": "2024-08-06T08:58:26.523Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2019-05-28 18:29
Modified
2024-11-21 03:54
Severity ?
Summary
Server-side Request Forgery (SSRF) and File Enumeration vulnerability in Apache Roller 5.2.1, 5.2.0 and earlier unsupported versions relies on Java SAX Parser to implement its XML-RPC interface and by default that parser supports external entities in XML DOCTYPE, which opens Roller up to SSRF / File Enumeration vulnerability. Note that this vulnerability exists even if Roller XML-RPC interface is disable via the Roller web admin UI. Mitigation: There are a couple of ways you can fix this vulnerability: 1) Upgrade to the latest version of Roller, which is now 5.2.2 2) Or, edit the Roller web.xml file and comment out the XML-RPC Servlet mapping as shown below: <!-- <servlet-mapping> <servlet-name>XmlRpcServlet</servlet-name> <url-pattern>/roller-services/xmlrpc</url-pattern> </servlet-mapping> -->
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:roller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "89B0F0AE-B2C0-46EF-8F4E-536C7D5BEB00",
"versionEndIncluding": "5.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:roller:5.2.0:-:*:*:*:*:*:*",
"matchCriteriaId": "3BF42DD4-DC14-4431-B003-F47573F48F44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:roller:5.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6111BFC4-E2DC-4F24-AC3E-E8B0A2F59EE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:roller:5.2.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "317F3048-B64D-4025-B32A-7253D92099E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:roller:5.2.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "AFE5F4B0-FAC9-42BD-835D-8FE17BCFCAFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:roller:5.2.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "4B985BFD-C455-4348-9BDF-5ABB49EDE155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:roller:5.2.0:rc6:*:*:*:*:*:*",
"matchCriteriaId": "0C2BDB35-8383-4FE5-8863-D46AA7CB3925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:roller:5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "92C690A2-4772-493E-8220-133E12692AC9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Server-side Request Forgery (SSRF) and File Enumeration vulnerability in Apache Roller 5.2.1, 5.2.0 and earlier unsupported versions relies on Java SAX Parser to implement its XML-RPC interface and by default that parser supports external entities in XML DOCTYPE, which opens Roller up to SSRF / File Enumeration vulnerability. Note that this vulnerability exists even if Roller XML-RPC interface is disable via the Roller web admin UI. Mitigation: There are a couple of ways you can fix this vulnerability: 1) Upgrade to the latest version of Roller, which is now 5.2.2 2) Or, edit the Roller web.xml file and comment out the XML-RPC Servlet mapping as shown below: \u003c!-- \u003cservlet-mapping\u003e \u003cservlet-name\u003eXmlRpcServlet\u003c/servlet-name\u003e \u003curl-pattern\u003e/roller-services/xmlrpc\u003c/url-pattern\u003e \u003c/servlet-mapping\u003e --\u003e"
},
{
"lang": "es",
"value": "Vulnerabilidad de falsificaci\u00f3n de petici\u00f3nes (SSRF) y de enumeraci\u00f3n de archivos en el lado del servidor en Apache Roller versi\u00f3n 5.2.1, 5.2.0 y anteriores no compatibles, se basa en Java SAX Parser para implementar su interfaz XML-RPC y, por defecto, este analizador admite entidades externas en XML DOCTYPE, que expone a Roller a la vulnerabilidad de tipo SSRF o enumeraci\u00f3n de archivos. Es importante indicar que esta vulnerabilidad se presenta incluso si la interfaz Roller XML-RPC est\u00e1 deshabilitada por medio de la interfaz de usuario administrador de Roller Web. Mitigaci\u00f3n: se presenta un par de formas en que se puede solucionar esta vulnerabilidad: 1) Actualice a la \u00faltima versi\u00f3n de Roller, que ahora es versi\u00f3n 5.2.2 2) o, edite el archivo Roller web.xml y comente el mapeo Servlet XML-RPC como se indica a continuaci\u00f3n:"
}
],
"id": "CVE-2018-17198",
"lastModified": "2024-11-21T03:54:04.610",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-05-28T18:29:00.273",
"references": [
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.securityfocus.com/bid/108496"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/94a36ed9c6241558b1c6181d8dd4ff263be7903abd1d20067d4330d5%40%3Cdev.roller.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.securityfocus.com/bid/108496"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/94a36ed9c6241558b1c6181d8dd4ff263be7903abd1d20067d4330d5%40%3Cdev.roller.apache.org%3E"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-12-07 20:55
Modified
2025-04-11 00:51
Severity ?
Summary
Certain getText methods in the ActionSupport controller in Apache Roller before 5.0.2 allow remote attackers to execute arbitrary OGNL expressions via the first or second parameter, as demonstrated by the pageTitle parameter in the !getPageTitle sub-URL to roller-ui/login.rol, which uses a subclass of UIAction, aka "OGNL Injection."
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:roller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4EE5876E-60B5-4C9B-AC41-E45F47F66FC5",
"versionEndIncluding": "5.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:roller:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BB9B4815-4B5F-488A-B498-1065E74ECA05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:roller:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "558E1D25-794A-49EF-AEEA-35B0A697634D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:roller:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E2628B6C-451D-49BA-B9A5-528A4A8C8FA7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Certain getText methods in the ActionSupport controller in Apache Roller before 5.0.2 allow remote attackers to execute arbitrary OGNL expressions via the first or second parameter, as demonstrated by the pageTitle parameter in the !getPageTitle sub-URL to roller-ui/login.rol, which uses a subclass of UIAction, aka \"OGNL Injection.\""
},
{
"lang": "es",
"value": "Algunos m\u00e9todos getText en el controlador ActionSupport en Apache Roller anterior a v5.0.2 permite a atacantes remotos ejecutar expresiones OGNL arbitrarias a trav\u00e9s del primer o segundo par\u00e1metro, como se ha demostrado a trav\u00e9s del par\u00e1metro pageTitle en !getPageTitle sub-URL a roller-ui/login.rol, que utiliza una subclase de UIAction, aka \"OGNL Injection\"."
}
],
"id": "CVE-2013-4212",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-12-07T20:55:02.320",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://rollerweblogger.org/project/entry/apache_roller_5_0_2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/55862"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/55877"
},
{
"source": "secalert@redhat.com",
"url": "http://security.coverity.com/advisory/2013/Oct/remote-code-execution-in-apache-roller-via-ognl-injection.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/29859"
},
{
"source": "secalert@redhat.com",
"url": "http://www.osvdb.org/100342"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89239"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://rollerweblogger.org/project/entry/apache_roller_5_0_2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/55862"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/55877"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.coverity.com/advisory/2013/Oct/remote-code-execution-in-apache-roller-via-ognl-injection.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/29859"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/100342"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89239"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-08-06 08:15
Modified
2024-11-21 08:11
Severity ?
Summary
Insufficient input validation and sanitation in Weblog Category name, Website About and File Upload features in all versions of Apache Roller on all platforms allows an authenticated user to perform an XSS attack. Mitigation: if you do not have Roller configured for untrusted users, then you need to do nothing because you trust your users to author raw HTML and other web content. If you are running with untrusted users then you should upgrade to Roller 6.1.2 and you should disable Roller's File Upload feature.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@apache.org | https://lists.apache.org/thread/n9mjhhlm7z7b7to646tkvf3otkf21flp | Mailing List, Mitigation, Vendor Advisory | |
| security@apache.org | https://www.openwall.com/lists/oss-security/2023/08/16/1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread/n9mjhhlm7z7b7to646tkvf3otkf21flp | Mailing List, Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.openwall.com/lists/oss-security/2023/08/16/1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:roller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "904A08A0-C958-488C-AEC7-C0505DD2CD93",
"versionEndExcluding": "6.1.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Insufficient input validation and sanitation in Weblog Category name, Website About and File Upload features in all versions of Apache Roller on all platforms allows an authenticated user to perform an XSS attack. Mitigation: if you do not have Roller configured for untrusted users, then you need to do nothing because you trust your users to author raw HTML and other web content. If you are running with untrusted users then you should upgrade to Roller 6.1.2 and you should disable Roller\u0027s File Upload feature.\u2003\n\n"
}
],
"id": "CVE-2023-37581",
"lastModified": "2024-11-21T08:11:59.950",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-06T08:15:09.013",
"references": [
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Mitigation",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread/n9mjhhlm7z7b7to646tkvf3otkf21flp"
},
{
"source": "security@apache.org",
"url": "https://www.openwall.com/lists/oss-security/2023/08/16/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Mitigation",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread/n9mjhhlm7z7b7to646tkvf3otkf21flp"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.openwall.com/lists/oss-security/2023/08/16/1"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security@apache.org",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-10-14 09:15
Modified
2025-05-27 19:37
Severity ?
Summary
Cross-site Resource Forgery (CSRF), Privilege escalation vulnerability in Apache Roller. On multi-blog/user Roller websites, by default weblog owners are trusted to publish arbitrary weblog content and this combined with a deficiency in Roller's CSRF protections allowed an escalation of privileges attack. This issue affects Apache Roller before 6.1.4.
Roller users who run multi-blog/user Roller websites are recommended to upgrade to version 6.1.4, which fixes the issue.
Roller 6.1.4 release announcement: https://lists.apache.org/thread/3c3f6rwqptyw6wdc95654fq5vlosqdpw
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@apache.org | https://lists.apache.org/thread/6m0ghjo9j92qty00t2qb6qf2spds0p5t | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2024/10/12/1 | Mailing List, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:roller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8B0EC7CE-8E37-439D-9F03-42A14F84AEE0",
"versionEndExcluding": "6.1.4",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Resource Forgery (CSRF), Privilege escalation vulnerability in Apache Roller. On multi-blog/user Roller websites, by default weblog owners are trusted to publish arbitrary weblog content and this combined with a deficiency in Roller\u0027s CSRF protections allowed an escalation of privileges attack. This issue affects Apache Roller before 6.1.4.\n\nRoller users who run multi-blog/user Roller websites are recommended to upgrade to version 6.1.4, which fixes the issue.\n\nRoller 6.1.4 release announcement:\u00a0 https://lists.apache.org/thread/3c3f6rwqptyw6wdc95654fq5vlosqdpw"
},
{
"lang": "es",
"value": "Vulnerabilidad de escalada de privilegios por Cross-site Resource Forgery (CSRF) en Apache Roller. En los sitios web de Roller con varios blogs y usuarios, por defecto, se conf\u00eda en los propietarios de los blogs para que publiquen contenido arbitrario en los blogs y esto, combinado con una deficiencia en las protecciones CSRF de Roller, permiti\u00f3 un ataque de escalada de privilegios. Este problema afecta a Apache Roller anterior a la versi\u00f3n 6.1.4. Se recomienda a los usuarios de Roller que ejecutan sitios web de Roller con varios blogs y usuarios que actualicen a la versi\u00f3n 6.1.4, que soluciona el problema. Anuncio de lanzamiento de Roller 6.1.4: https://lists.apache.org/thread/3c3f6rwqptyw6wdc95654fq5vlosqdpw"
}
],
"id": "CVE-2024-46911",
"lastModified": "2025-05-27T19:37:34.640",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.4,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-10-14T09:15:04.297",
"references": [
{
"source": "security@apache.org",
"tags": [
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread/6m0ghjo9j92qty00t2qb6qf2spds0p5t"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2024/10/12/1"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "security@apache.org",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-06-26 10:23
Modified
2025-04-11 00:51
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | roller | * | |
| apache | roller | 0.9.5 | |
| apache | roller | 0.9.6 | |
| apache | roller | 0.9.6.3 | |
| apache | roller | 0.9.6.4 | |
| apache | roller | 0.9.7 | |
| apache | roller | 0.9.7.1 | |
| apache | roller | 0.9.7.2 | |
| apache | roller | 0.9.8 | |
| apache | roller | 0.9.8.1 | |
| apache | roller | 0.9.8.2 | |
| apache | roller | 0.9.9 | |
| apache | roller | 1.0 | |
| apache | roller | 1.0 | |
| apache | roller | 1.0 | |
| apache | roller | 1.0.1 | |
| apache | roller | 1.1 | |
| apache | roller | 1.1.1 | |
| apache | roller | 1.1.2 | |
| apache | roller | 1.2 | |
| apache | roller | 1.3 | |
| apache | roller | 2.0 | |
| apache | roller | 2.0.1 | |
| apache | roller | 2.0.2 | |
| apache | roller | 2.1 | |
| apache | roller | 2.1.1 | |
| apache | roller | 2.3 | |
| apache | roller | 3.0 | |
| apache | roller | 3.1 | |
| apache | roller | 4.0 | |
| apache | roller | 4.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:roller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D20B87F4-A828-41E5-8AC8-25985C7F319C",
"versionEndIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:roller:0.9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0F70FBEB-3A04-40BF-8AA8-3F9AF53F0920",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:roller:0.9.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6993AA5A-A5C1-4B30-8F6A-38C061A366B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:roller:0.9.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "523BDB39-09A2-4319-931D-3D8504B0B126",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:roller:0.9.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8080AE6C-BA70-41BC-AC6F-94548676FC77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:roller:0.9.7:*:*:*:*:*:*:*",
"matchCriteriaId": "28B31498-7E52-4BCE-A58D-68F2CED9B620",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:roller:0.9.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FA136C3F-4B08-4845-8FA8-DA5A7767CB2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:roller:0.9.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F376A413-525A-41BF-8D00-1DC55226CDF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:roller:0.9.8:*:*:*:*:*:*:*",
"matchCriteriaId": "018B884B-9D02-4959-9130-10C75530A91F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:roller:0.9.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "284BF572-5605-4B6E-8FBF-754E54F12CEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:roller:0.9.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DF1117E1-4451-4F5E-B925-04566199DB6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:roller:0.9.9:*:*:*:*:*:*:*",
"matchCriteriaId": "F86BCB32-C632-40D6-B4E4-FBBE87CAA3D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:roller:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BEAE344-2BD7-4B2E-861F-1520196B8D4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:roller:1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6C14BE36-AB4E-4BFD-9B11-09A727FEC11A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:roller:1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "988BB150-C424-4D34-852D-6969CF0172CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:roller:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C8361AAA-B0C9-430D-A8EC-442011D3D42C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:roller:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "577EFDD0-F00E-4998-90E6-9E3C667A633C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:roller:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "53EE6EAE-2A06-406D-81B1-C75AF74DBC8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:roller:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AFB95A89-FC3A-412B-A014-110A38713281",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:roller:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B015301F-79BE-4FDB-940C-F285175C842A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:roller:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "074B2F86-B547-44CB-A48E-11D563D5015A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:roller:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4C0E92CA-3474-4EDA-939E-91E6317AADA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:roller:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8C3EDA62-3386-4E44-AD29-54FAEF630E9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:roller:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5EF26410-650F-49F3-B25E-F068FF0A9AE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:roller:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A534608D-B224-41CC-ADDA-024D2546DD8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:roller:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "161EC86B-F5D3-4CFE-95DB-096646B8C34F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:roller:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2C4F6585-17A3-4EF7-AF04-609AEAA3084F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:roller:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "113D4B57-9D4E-408B-A1D0-80CAE862CF77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:roller:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2B13BC4B-6DC9-44CD-AC45-DF4CDBF6BA30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:roller:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BB9B4815-4B5F-488A-B498-1065E74ECA05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:roller:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "558E1D25-794A-49EF-AEEA-35B0A697634D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Apache Roller anterior a v5.0.1, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del rol de blogger."
}
],
"id": "CVE-2012-2381",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-06-26T10:23:42.020",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-06/0377.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-06/0377.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-12-07 20:55
Modified
2025-04-11 00:51
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to the search results in the (1) RSS and (2) Atom feed templates.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:roller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4EE5876E-60B5-4C9B-AC41-E45F47F66FC5",
"versionEndIncluding": "5.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:roller:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BB9B4815-4B5F-488A-B498-1065E74ECA05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:roller:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "558E1D25-794A-49EF-AEEA-35B0A697634D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:roller:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E2628B6C-451D-49BA-B9A5-528A4A8C8FA7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to the search results in the (1) RSS and (2) Atom feed templates."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades XSS en Apache Roller anterior a v5.0.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores relacionados con los resultados de b\u00fasqueda en las plantillas feed (1) RSS y (2) Atom."
}
],
"id": "CVE-2013-4171",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-12-07T20:55:02.210",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://rollerweblogger.org/project/entry/apache_roller_5_0_2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/55862"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/55877"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://rollerweblogger.org/project/entry/apache_roller_5_0_2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/55862"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/55877"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-18 08:15
Modified
2024-11-21 06:09
Severity ?
Summary
User controlled `request.getHeader("Referer")`, `request.getRequestURL()` and `request.getQueryString()` are used to build and run a regex expression. The attacker doesn't have to use a browser and may send a specially crafted Referer header programmatically. Since the attacker controls the string and the regex pattern he may cause a ReDoS by regex catastrophic backtracking on the server side. This problem has been fixed in Roller 6.0.2.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@apache.org | http://www.openwall.com/lists/oss-security/2021/08/18/1 | Mailing List, Third Party Advisory | |
| security@apache.org | https://lists.apache.org/thread.html/r9d967d80af941717573e531db2c7353a90bfd0886e9b5d5d79f75506%40%3Cuser.roller.apache.org%3E | Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2021/08/18/1 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r9d967d80af941717573e531db2c7353a90bfd0886e9b5d5d79f75506%40%3Cuser.roller.apache.org%3E | Mailing List, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:roller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A3A7D5E-4C46-4659-B300-EEA08ED8BC29",
"versionEndExcluding": "6.0.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "User controlled `request.getHeader(\"Referer\")`, `request.getRequestURL()` and `request.getQueryString()` are used to build and run a regex expression. The attacker doesn\u0027t have to use a browser and may send a specially crafted Referer header programmatically. Since the attacker controls the string and the regex pattern he may cause a ReDoS by regex catastrophic backtracking on the server side. This problem has been fixed in Roller 6.0.2."
},
{
"lang": "es",
"value": "Los controles de usuario \"request.getHeader(\"Referer\")\", \"request.getRequestURL()\" y \"request.getQueryString()\" son usados para construir y ejecutar una expresi\u00f3n regex. El atacante no tiene que usar un navegador y puede enviar un encabezado Referer especialmente dise\u00f1ada mediante programaci\u00f3n. Dado que el atacante controla la cadena y el patr\u00f3n regex, puede causar un ReDoS mediante el retroceso catastr\u00f3fico de regex en el lado del servidor. Este problema ha sido corregido en Roller versi\u00f3n 6.0.2."
}
],
"id": "CVE-2021-33580",
"lastModified": "2024-11-21T06:09:08.060",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-18T08:15:06.173",
"references": [
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/08/18/1"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r9d967d80af941717573e531db2c7353a90bfd0886e9b5d5d79f75506%40%3Cuser.roller.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/08/18/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r9d967d80af941717573e531db2c7353a90bfd0886e9b5d5d79f75506%40%3Cuser.roller.apache.org%3E"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "security@apache.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-06-26 10:23
Modified
2025-04-11 00:51
Severity ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | roller | * | |
| apache | roller | 0.9.5 | |
| apache | roller | 0.9.6 | |
| apache | roller | 0.9.6.3 | |
| apache | roller | 0.9.6.4 | |
| apache | roller | 0.9.7 | |
| apache | roller | 0.9.7.1 | |
| apache | roller | 0.9.7.2 | |
| apache | roller | 0.9.8 | |
| apache | roller | 0.9.8.1 | |
| apache | roller | 0.9.8.2 | |
| apache | roller | 0.9.9 | |
| apache | roller | 1.0 | |
| apache | roller | 1.0 | |
| apache | roller | 1.0 | |
| apache | roller | 1.0.1 | |
| apache | roller | 1.1 | |
| apache | roller | 1.1.1 | |
| apache | roller | 1.1.2 | |
| apache | roller | 1.2 | |
| apache | roller | 1.3 | |
| apache | roller | 2.0 | |
| apache | roller | 2.0.1 | |
| apache | roller | 2.0.2 | |
| apache | roller | 2.1 | |
| apache | roller | 2.1.1 | |
| apache | roller | 2.3 | |
| apache | roller | 3.0 | |
| apache | roller | 3.1 | |
| apache | roller | 4.0 | |
| apache | roller | 4.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:roller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D20B87F4-A828-41E5-8AC8-25985C7F319C",
"versionEndIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:roller:0.9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0F70FBEB-3A04-40BF-8AA8-3F9AF53F0920",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:roller:0.9.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6993AA5A-A5C1-4B30-8F6A-38C061A366B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:roller:0.9.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "523BDB39-09A2-4319-931D-3D8504B0B126",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:roller:0.9.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8080AE6C-BA70-41BC-AC6F-94548676FC77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:roller:0.9.7:*:*:*:*:*:*:*",
"matchCriteriaId": "28B31498-7E52-4BCE-A58D-68F2CED9B620",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:roller:0.9.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FA136C3F-4B08-4845-8FA8-DA5A7767CB2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:roller:0.9.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F376A413-525A-41BF-8D00-1DC55226CDF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:roller:0.9.8:*:*:*:*:*:*:*",
"matchCriteriaId": "018B884B-9D02-4959-9130-10C75530A91F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:roller:0.9.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "284BF572-5605-4B6E-8FBF-754E54F12CEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:roller:0.9.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DF1117E1-4451-4F5E-B925-04566199DB6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:roller:0.9.9:*:*:*:*:*:*:*",
"matchCriteriaId": "F86BCB32-C632-40D6-B4E4-FBBE87CAA3D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:roller:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BEAE344-2BD7-4B2E-861F-1520196B8D4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:roller:1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6C14BE36-AB4E-4BFD-9B11-09A727FEC11A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:roller:1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "988BB150-C424-4D34-852D-6969CF0172CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:roller:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C8361AAA-B0C9-430D-A8EC-442011D3D42C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:roller:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "577EFDD0-F00E-4998-90E6-9E3C667A633C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:roller:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "53EE6EAE-2A06-406D-81B1-C75AF74DBC8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:roller:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AFB95A89-FC3A-412B-A014-110A38713281",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:roller:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B015301F-79BE-4FDB-940C-F285175C842A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:roller:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "074B2F86-B547-44CB-A48E-11D563D5015A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:roller:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4C0E92CA-3474-4EDA-939E-91E6317AADA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:roller:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8C3EDA62-3386-4E44-AD29-54FAEF630E9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:roller:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5EF26410-650F-49F3-B25E-F068FF0A9AE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:roller:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A534608D-B224-41CC-ADDA-024D2546DD8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:roller:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "161EC86B-F5D3-4CFE-95DB-096646B8C34F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:roller:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2C4F6585-17A3-4EF7-AF04-609AEAA3084F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:roller:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "113D4B57-9D4E-408B-A1D0-80CAE862CF77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:roller:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2B13BC4B-6DC9-44CD-AC45-DF4CDBF6BA30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:roller:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BB9B4815-4B5F-488A-B498-1065E74ECA05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:roller:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "558E1D25-794A-49EF-AEEA-35B0A697634D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en la consola de administraci\u00f3n / editor en Apache Roller anterior a v5.0.1 permite a atacantes remotos secuestrar la autenticaci\u00f3n de los administradores y editores mediante el aprovechamiento de la funcionalidad de HTTP POST."
}
],
"id": "CVE-2012-2380",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-06-26T10:23:41.973",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-06/0376.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-06/0376.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-07-30 19:30
Modified
2025-04-09 00:30
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:roller:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2C4F6585-17A3-4EF7-AF04-609AEAA3084F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:roller:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "113D4B57-9D4E-408B-A1D0-80CAE862CF77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:roller:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2B13BC4B-6DC9-44CD-AC45-DF4CDBF6BA30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:roller:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BB9B4815-4B5F-488A-B498-1065E74ECA05",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Apache Roller v2.3, v3.0, v3.1, y v4.0 permite a los atacantes remotos inyectar arbitrariamente una secuencia de comandos web o HTML a trav\u00e9s del par\u00e1metro q en una acci\u00f3n de b\u00fasqueda."
}
],
"id": "CVE-2008-6879",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-07-30T19:30:00.203",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://issues.apache.org/roller/browse/ROL-1766"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/51151"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31523"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://svn.apache.org/viewvc?view=rev\u0026revision=668737"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/33110"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://issues.apache.org/roller/browse/ROL-1766"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/51151"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31523"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://svn.apache.org/viewvc?view=rev\u0026revision=668737"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/33110"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-07-15 22:15
Modified
2024-11-21 04:16
Severity ?
Summary
A Reflected Cross-site Scripting (XSS) vulnerability exists in Apache Roller. Roller's Math Comment Authenticator did not property sanitize user input and could be exploited to perform Reflected Cross Site Scripting (XSS). The mitigation for this vulnerability is to upgrade to the latest version of Roller, which is now Roller 5.2.3.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:roller:5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CAF420A0-DEED-45B0-AF7C-33AB0D6E2552",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:roller:5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "92C690A2-4772-493E-8220-133E12692AC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:roller:5.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C8F7FE79-D2AC-45C2-A58D-0228B0300682",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Reflected Cross-site Scripting (XSS) vulnerability exists in Apache Roller. Roller\u0027s Math Comment Authenticator did not property sanitize user input and could be exploited to perform Reflected Cross Site Scripting (XSS). The mitigation for this vulnerability is to upgrade to the latest version of Roller, which is now Roller 5.2.3."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de tipo Cross-site Scripting (XSS) Reflejado en Apache Roller. El autenticador de comentarios matem\u00e1ticos de Roller no ten\u00eda la propiedad de sanear las entradas del usuario y podr\u00eda ser explotado para realizar una ataque Cross-site Scripting (XSS) Reflejado. La mitigaci\u00f3n de esta vulnerabilidad es actualizar a la \u00faltima versi\u00f3n de Roller, que ahora es Roller versi\u00f3n 5.2.3."
}
],
"id": "CVE-2019-0234",
"lastModified": "2024-11-21T04:16:33.563",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-15T22:15:12.133",
"references": [
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/26cdef3fa8a8fa7fcbb99320aa860836ead124b414c654a4d12674cf%40%3Cdev.roller.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r81a61626d03a11e610c4fbf641f19a6075a0d082906388826829663d%40%3Cuser.roller.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/26cdef3fa8a8fa7fcbb99320aa860836ead124b414c654a4d12674cf%40%3Cdev.roller.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r81a61626d03a11e610c4fbf641f19a6075a0d082906388826829663d%40%3Cuser.roller.apache.org%3E"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-04-14 09:15
Modified
2025-06-03 21:32
Severity ?
Summary
A session management vulnerability exists in Apache Roller before version 6.1.5 where active user sessions are not properly invalidated after password changes. When a user's password is changed, either by the user themselves or by an administrator, existing sessions remain active and usable. This allows continued access to the application through old sessions even after password changes, potentially enabling unauthorized access if credentials were compromised.
This issue affects Apache Roller versions up to and including 6.1.4.
The vulnerability is fixed in Apache Roller 6.1.5 by implementing centralized session management that properly invalidates all active sessions when passwords are changed or users are disabled.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:roller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42C996C5-1F15-45BD-B013-5DE883E564BB",
"versionEndExcluding": "6.1.5",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A session management vulnerability exists in Apache Roller before version 6.1.5 where active user sessions are not properly invalidated after password changes. When a user\u0027s password is changed, either by the user themselves or by an administrator, existing sessions remain active and usable. This allows continued access to the application through old sessions even after password changes, potentially enabling unauthorized access if credentials were compromised.\n\nThis issue affects Apache Roller versions up to and including 6.1.4.\n\nThe vulnerability is fixed in Apache Roller 6.1.5 by implementing centralized session management that properly invalidates all active sessions when passwords are changed or users are disabled."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de gesti\u00f3n de sesiones en Apache Roller anterior a la versi\u00f3n 6.1.5, donde las sesiones de usuario activas no se invalidan correctamente tras cambiar la contrase\u00f1a. Cuando se cambia la contrase\u00f1a de un usuario, ya sea por el propio usuario o por un administrador, las sesiones existentes permanecen activas y utilizables. Esto permite el acceso continuo a la aplicaci\u00f3n a trav\u00e9s de sesiones antiguas incluso despu\u00e9s de cambiar la contrase\u00f1a, lo que podr\u00eda permitir el acceso no autorizado si las credenciales se ven comprometidas. Este problema afecta a las versiones de Apache Roller hasta la 6.1.4 incluida. La vulnerabilidad se corrige en Apache Roller 6.1.5 mediante la implementaci\u00f3n de una gesti\u00f3n de sesiones centralizada que invalida correctamente todas las sesiones activas al cambiar las contrase\u00f1as o deshabilitar a los usuarios."
}
],
"id": "CVE-2025-24859",
"lastModified": "2025-06-03T21:32:18.940",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NEGLIGIBLE",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 2.1,
"baseSeverity": "LOW",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:X/RE:L/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "LOW"
},
"source": "security@apache.org",
"type": "Secondary"
}
]
},
"published": "2025-04-14T09:15:14.223",
"references": [
{
"source": "security@apache.org",
"tags": [
"Release Notes"
],
"url": "https://lists.apache.org/thread/4j906k16v21kdx8hk87gl7663sw7lg7f"
},
{
"source": "security@apache.org",
"tags": [
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread/vxv52vdr8nhtjlj6v02w43fdvo0cxw23"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2025/04/11/1"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-613"
}
],
"source": "security@apache.org",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-10 01:30
Modified
2025-04-20 01:37
Severity ?
Summary
The XML-RPC protocol support in Apache Roller before 5.0.3 allows attackers to conduct XML External Entity (XXE) attacks via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:roller:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2B13BC4B-6DC9-44CD-AC45-DF4CDBF6BA30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:roller:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BB9B4815-4B5F-488A-B498-1065E74ECA05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:roller:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "558E1D25-794A-49EF-AEEA-35B0A697634D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:roller:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E2628B6C-451D-49BA-B9A5-528A4A8C8FA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:roller:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "418523EC-6B90-4DAD-82CC-EBE89CB769C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:roller:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "55D89FA5-CE99-44D0-AB10-E66CBEAB89DF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The XML-RPC protocol support in Apache Roller before 5.0.3 allows attackers to conduct XML External Entity (XXE) attacks via unspecified vectors."
},
{
"lang": "es",
"value": "La compatibilidad con el protocolo XML-RPC en versiones anteriores a la 5.0.3 de Apache Roller permite que los atacantes lleven a cabo ataques XEE (XML External Entity) mediante vectores no especificados."
}
],
"id": "CVE-2014-0030",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-10T01:30:20.250",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"URL Repurposed"
],
"url": "https://liftsecurity.io/advisories/Apache_Roller_XML-RPC_susceptible_to_XXE/"
},
{
"source": "secalert@redhat.com",
"url": "https://mail-archives.apache.org/mod_mbox/roller-dev/201401.mbox/%3CCAF1aazCMzDGB12Ls4t-SOwNA=OdguD010LX3yZGhk2GQHafFXw%40mail.gmail.com%3E"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/45341/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"URL Repurposed"
],
"url": "https://liftsecurity.io/advisories/Apache_Roller_XML-RPC_susceptible_to_XXE/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://mail-archives.apache.org/mod_mbox/roller-dev/201401.mbox/%3CCAF1aazCMzDGB12Ls4t-SOwNA=OdguD010LX3yZGhk2GQHafFXw%40mail.gmail.com%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/45341/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-611"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-17 13:18
Modified
2025-04-20 01:37
Severity ?
Summary
The weblog page template in Apache Roller 5.1 through 5.1.1 allows remote authenticated users with admin privileges for a weblog to execute arbitrary Java code via crafted Velocity Text Language (aka VTL).
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:roller:5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ED6F226C-25C2-4377-A5CE-3F95172E0AC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:roller:5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B8B66C4A-26BA-42CE-A8D5-37BB71373926",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The weblog page template in Apache Roller 5.1 through 5.1.1 allows remote authenticated users with admin privileges for a weblog to execute arbitrary Java code via crafted Velocity Text Language (aka VTL)."
},
{
"lang": "es",
"value": "La plantilla de p\u00e1gina weblog en Apache Roller versi\u00f3n 5.1 hasta 5.1.1, permite a los usuarios autenticados remotos con privilegios de administrador en una weblog ejecutar c\u00f3digo Java arbitrario por medio de un Velocity Text Language especialmente dise\u00f1ado (tambi\u00e9n se conoce como VTL)."
}
],
"id": "CVE-2015-0249",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-17T13:18:03.123",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://cve.killedkenny.io/cve/CVE-2015-0249"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Mitigation",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2015/03/30/13"
},
{
"source": "secalert@redhat.com",
"url": "https://mail-archives.apache.org/mod_mbox/roller-user/201503.mbox/%3CCAF1aazAPWTduVhrPr7WiFaspFdsh21yf0YiSB3UmLjtDVGnfXw%40mail.gmail.com%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://cve.killedkenny.io/cve/CVE-2015-0249"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Mitigation",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2015/03/30/13"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://mail-archives.apache.org/mod_mbox/roller-user/201503.mbox/%3CCAF1aazAPWTduVhrPr7WiFaspFdsh21yf0YiSB3UmLjtDVGnfXw%40mail.gmail.com%3E"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-07-26 09:15
Modified
2025-03-14 17:15
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Insufficient input validation and sanitation in Profile name & screenname, Bookmark name & description and blogroll name features in all versions of Apache Roller on all platforms allows an authenticated user to perform an XSS attack. Mitigation: if you do not have Roller configured for untrusted users, then you need to do nothing because you trust your users to author raw HTML and other web content. If you are running with untrusted users then you should upgrade to Roller 6.1.3.
This issue affects Apache Roller: from 5.0.0 before 6.1.3.
Users are recommended to upgrade to version 6.1.3, which fixes the issue.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@apache.org | https://lists.apache.org/thread/lb50jqyxwf8jrfpydl6dc5zpqtpgrrwd | Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2024/07/25/2 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread/lb50jqyxwf8jrfpydl6dc5zpqtpgrrwd | Mailing List, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:roller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "34B9206D-CB9B-49BD-8162-CEFAE5C287E3",
"versionEndExcluding": "6.1.3",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Insufficient input validation and sanitation in Profile name \u0026 screenname, Bookmark name \u0026 description and blogroll name features in all versions of Apache Roller on all platforms allows an authenticated user to perform an XSS attack. Mitigation: if you do not have Roller configured for untrusted users, then you need to do nothing because you trust your users to author raw HTML and other web content. If you are running with untrusted users then you should upgrade to Roller 6.1.3.\n\nThis issue affects Apache Roller: from 5.0.0 before 6.1.3.\n\nUsers are recommended to upgrade to version 6.1.3, which fixes the issue."
},
{
"lang": "es",
"value": "La validaci\u00f3n de entrada y sanitizaci\u00f3n insuficientes de las funciones Profile name \u0026amp; screenname, Bookmark name \u0026amp; description and blogroll name en todas las versiones de Apache Roller en todas las plataformas permite que un usuario autenticado realice un ataque de XSS. Mitigaci\u00f3n: si no tiene Roller configurado para usuarios no confiables, entonces no necesita hacer nada porque conf\u00eda en que sus usuarios creen HTML sin formato y otro contenido web. Si est\u00e1 ejecutando con usuarios no confiables, entonces debe actualizar a Roller 6.1.3. Este problema afecta a Apache Roller: desde 5.0.0 hasta 6.1.3. Se recomienda a los usuarios que actualicen a la versi\u00f3n 6.1.3, que soluciona el problema."
}
],
"id": "CVE-2024-25090",
"lastModified": "2025-03-14T17:15:42.687",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-07-26T09:15:09.700",
"references": [
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread/lb50jqyxwf8jrfpydl6dc5zpqtpgrrwd"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2024/07/25/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread/lb50jqyxwf8jrfpydl6dc5zpqtpgrrwd"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
},
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security@apache.org",
"type": "Primary"
}
]
}