Cross-Site Request Forgery (CSRF) Vulnerability in Apache Brooklyn before 0.10.0

Cross-Site Request Forgery (CSRF) Vulnerability in Apache Brooklyn before 0.10.0

CVE-2016-8737 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site request forgery (CSRF), which could permit a malicious web site to produce a link which, if clicked whilst a user is logged in to Brooklyn, would cause the server to execute the attacker's commands as the user. There is known to be a proof-of-concept exploit using this vulnerability.

Learn more about our Cis Benchmark Audit For Apache Http Server.