High severity 8.8 · NVD Advisory · Published Sep 21, 2016 · Updated Jun 17, 2026
CVE-2016-6801
Description
Cross-site request forgery (CSRF) vulnerability in the CSRF content-type check in Jackrabbit-Webdav in Apache Jackrabbit 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.3, 2.10.x before 2.10.4, 2.12.x before 2.12.4, and 2.13.x before 2.13.3 allows remote attackers to hijack the authentication of unspecified victims for requests that create a resource via an HTTP POST request with a (1) missing or (2) crafted Content-Type header.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.apache.jackrabbit:jackrabbit-webdav (Maven) | >= 2.4.0, < 2.4.6 | 2.4.6 |
| org.apache.jackrabbit:jackrabbit-webdav (Maven) | >= 2.6.0, < 2.6.6 | 2.6.6 |
| org.apache.jackrabbit:jackrabbit-webdav (Maven) | >= 2.8.0, < 2.8.3 | 2.8.3 |
| org.apache.jackrabbit:jackrabbit-webdav (Maven) | >= 2.10.0, < 2.10.4 | 2.10.4 |
| org.apache.jackrabbit:jackrabbit-webdav (Maven) | >= 2.12.0, < 2.12.4 | 2.12.4 |
| org.apache.jackrabbit:jackrabbit-webdav (Maven) | >= 2.13.0, < 2.13.3 | 2.13.3 |
References
- www.debian.org/security/2016/dsa-3679 (nvd; Third Party Advisory; WEB)
- www.openwall.com/lists/oss-security/2016/09/14/6 (nvd; Third Party Advisory; WEB)
- www.securityfocus.com/bid/92966 (nvd; Third Party Advisory; VDB Entry)
- github.com/advisories/GHSA-9fc7-rhq3-wm7x (ghsa; ADVISORY)
- issues.apache.org/jira/browse/JCR-4009 (nvd; Vendor Advisory; WEB)
- nvd.nist.gov/vuln/detail/CVE-2016-6801 (ghsa; ADVISORY)
- github.com/apache/jackrabbit/commit/16f2f02fcaef6202a2bf24c449d4fd10eb98f08d (ghsa; WEB)
- github.com/apache/jackrabbit/commit/ea75d7c2aeaafecd9ab97736bf81c5616f703244 (ghsa; WEB)
- github.com/apache/jackrabbit/commit/eae001a54aae9c243ac06b5c8f711b2cb2038700 (ghsa; WEB)
- web.archive.org/web/20210123170657/http://www.securityfocus.com/bid/92966 (ghsa; WEB)