2017-09-13 16:00:00
apache
PUBLISHED
In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site request forgery (CSRF), which could permit a malicious web site to produce a link which, if clicked whilst a user is logged in to Brooklyn, would cause the server to execute the attackers commands as the user. There is known to be a proof-of-concept exploit using this vulnerability.