Cross-site request forgery (CSRF) vulnerability in the CSRF content-type check in Jackrabbit-Webdav in Apache Jackrabbit 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.3, 2.10.x before 2.10.4, 2.12.x before 2.12.4, and 2.13.x before 2.13.3 allows remote attackers to hijack the authentication of unspecified victims for requests that create a resource via an HTTP POST request with a (1) missing or (2) crafted Content-Type header.
{
"unresolved_ranges": [
{
"extracted_events": [
{
"introduced": "8.0"
},
{
"last_affected": "8.0"
}
],
"source": "CPE_STRING",
"vendor_product": "debian:debian_linux",
"cpes": [
"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"
]
}
]
}{
"source": "CPE_STRING",
"cpe": [
"cpe:2.3:a:apache:jackrabbit:2.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:jackrabbit:2.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:jackrabbit:2.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:jackrabbit:2.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:jackrabbit:2.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:jackrabbit:2.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:jackrabbit:2.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:jackrabbit:2.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:jackrabbit:2.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:jackrabbit:2.6.3:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:jackrabbit:2.6.4:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:jackrabbit:2.6.5:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:jackrabbit:2.8.0:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:jackrabbit:2.8.1:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:jackrabbit:2.8.2:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:jackrabbit:2.10.0:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:jackrabbit:2.10.1:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:jackrabbit:2.10.2:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:jackrabbit:2.10.3:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:jackrabbit:2.12.0:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:jackrabbit:2.12.1:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:jackrabbit:2.12.2:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:jackrabbit:2.12.3:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:jackrabbit:2.13.0:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:jackrabbit:2.13.1:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:jackrabbit:2.13.2:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "2.4.0"
},
{
"last_affected": "2.4.0"
},
{
"introduced": "2.4.1"
},
{
"last_affected": "2.4.1"
},
{
"introduced": "2.4.2"
},
{
"last_affected": "2.4.2"
},
{
"introduced": "2.4.3"
},
{
"last_affected": "2.4.3"
},
{
"introduced": "2.4.4"
},
{
"last_affected": "2.4.4"
},
{
"introduced": "2.4.5"
},
{
"last_affected": "2.4.5"
},
{
"introduced": "2.6.0"
},
{
"last_affected": "2.6.0"
},
{
"introduced": "2.6.1"
},
{
"last_affected": "2.6.1"
},
{
"introduced": "2.6.2"
},
{
"last_affected": "2.6.2"
},
{
"introduced": "2.6.3"
},
{
"last_affected": "2.6.3"
},
{
"introduced": "2.6.4"
},
{
"last_affected": "2.6.4"
},
{
"introduced": "2.6.5"
},
{
"last_affected": "2.6.5"
},
{
"introduced": "2.8.0"
},
{
"last_affected": "2.8.0"
},
{
"introduced": "2.8.1"
},
{
"last_affected": "2.8.1"
},
{
"introduced": "2.8.2"
},
{
"last_affected": "2.8.2"
},
{
"introduced": "2.10.0"
},
{
"last_affected": "2.10.0"
},
{
"introduced": "2.10.1"
},
{
"last_affected": "2.10.1"
},
{
"introduced": "2.10.2"
},
{
"last_affected": "2.10.2"
},
{
"introduced": "2.10.3"
},
{
"last_affected": "2.10.3"
},
{
"introduced": "2.12.0"
},
{
"last_affected": "2.12.0"
},
{
"introduced": "2.12.1"
},
{
"last_affected": "2.12.1"
},
{
"introduced": "2.12.2"
},
{
"last_affected": "2.12.2"
},
{
"introduced": "2.12.3"
},
{
"last_affected": "2.12.3"
},
{
"introduced": "2.13.0"
},
{
"last_affected": "2.13.0"
},
{
"introduced": "2.13.1"
},
{
"last_affected": "2.13.1"
},
{
"introduced": "2.13.2"
},
{
"last_affected": "2.13.2"
}
]
}