High severity 8.8 · NVD Advisory · Published Sep 13, 2017 · Updated May 13, 2026
CVE-2016-8737
Description
In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site request forgery (CSRF), which could permit a malicious web site to produce a link which, if clicked whilst a user is logged in to Brooklyn, would cause the server to execute the attacker's commands as the user. There is known to be a proof-of-concept exploit using this vulnerability.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.apache.brooklyn:brooklyn-rest-resources (Maven) | < 0.10.0 | 0.10.0 |
| org.apache.brooklyn:brooklyn-jsgui (Maven) | < 0.10.0 | 0.10.0 |
Affected products
- Apache Software Foundation/Apache Brooklyn (v5), Range: 0.9.0 and all prior versions
Patches
No patches discovered yet.
References
- brooklyn.apache.org/community/security/CVE-2016-8737.html (nvd; Mitigation, Patch, Vendor Advisory, WEB)
- www.securityfocus.com/bid/96228 (nvd; Third Party Advisory, VDB Entry)
- github.com/advisories/GHSA-g2hf-g7fh-vg92 (ghsa; ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2016-8737 (ghsa; ADVISORY)
- github.com/apache/brooklyn-server/pull/430 (ghsa; WEB)
- github.com/apache/brooklyn-ui/pull/37 (ghsa; WEB)
- lists.apache.org/thread.html/877813aaaa0e636adbc36106b89a54e0e6918f0884e9c8b67d5d5953%40%3Cdev.brooklyn.apache.org%3E (nvd; WEB)