Known Vulnerabilities for Archiva by Apache
Listed below are 10 of the newest known vulnerabilities associated with "Archiva" by "Apache".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2020-9495 | Apache Archiva login service before 2.2.5 is vulnerable to LDAP injection. A attacker is able to retrieve user attribute data... | 5.3 - MEDIUM | 2020-06-19 | 2023-11-07 |
| CVE-2019-0214 | In Apache Archiva 2.0.0 - 2.2.3, it is possible to write files to the archiva server at arbitrary locations by using the arti... | 6.5 - MEDIUM | 2019-04-30 | 2023-11-07 |
| CVE-2019-0213 | In Apache Archiva before 2.2.4, it may be possible to store malicious XSS code into central configuration entries, i.e. the l... | 6.5 - MEDIUM | 2019-04-30 | 2023-11-07 |
| CVE-2017-5657 | Several REST service endpoints of Apache Archiva are not protected against Cross Site Request Forgery (CSRF) attacks. A malic... | 8 - HIGH | 2017-05-22 | 2023-11-07 |
| CVE-2016-5005 | Cross-site scripting (XSS) vulnerability in Apache Archiva 1.3.9 and earlier allows remote authenticated administrators to in... | 4.8 - MEDIUM | 2016-07-28 | 2023-11-07 |
| CVE-2016-4469 | Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.3.9 and earlier allow remote attackers to hija... | 8.8 - HIGH | 2016-07-28 | 2023-11-07 |
| CVE-2013-2187 | Cross-site scripting (XSS) vulnerability in Apache Archiva 1.2 through 1.2.2 and 1.3 before 1.3.8 allows remote attackers to ... | 4.3 - MEDIUM | 2014-04-22 | 2018-10-09 |
| CVE-2011-1077 | Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote... | 4.3 - MEDIUM | 2011-06-02 | 2018-10-09 |
| CVE-2011-1026 | Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow... | 6.8 - MEDIUM | 2011-06-02 | 2018-10-09 |
| CVE-2011-0533 | Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta; and Archiva 1.3.0 th... | 4.3 - MEDIUM | 2011-02-17 | 2023-11-07 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Apache | Archiva | 3.1.3 | All | All | All |
| Application | Apache | Archiva | 2.2.5 | All | All | All |
| Application | Apache | Archiva | 2.2.4 | All | All | All |
| Application | Apache | Archiva | 2.2.3 | All | All | All |
| Application | Apache | Archiva | 2.2.2 | All | All | All |
| Application | Apache | Archiva | 2.2.1 | All | All | All |
| Application | Apache | Archiva | 2.2.0 | All | All | All |
| Application | Apache | Archiva | 2.1.1 | All | All | All |
| Application | Apache | Archiva | 2.1.0 | All | All | All |
| Application | Apache | Archiva | 2.0.1 | All | All | All |
| Application | Apache | Archiva | 2.0.0 | rc2 | All | All |
| Application | Apache | Archiva | 2.0.0 | All | All | All |
| Application | Apache | Archiva | 2.0.0 | - | All | All |
| Application | Apache | Archiva | 2.0.0 | rc1 | All | All |
| Application | Apache | Archiva | 2.0.0 | rc3 | All | All |
| Application | Apache | Archiva | 1.4 | milestone4 | All | All |
| Application | Apache | Archiva | 1.4 | milestone3 | All | All |
| Application | Apache | Archiva | 1.4 | milestone2 | All | All |
| Application | Apache | Archiva | 1.4 | milestone1 | All | All |
| Application | Apache | Archiva | 1.3.9 | All | All | All |