### [CVE-2016-8737](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8737)
![](https://img.shields.io/static/v1?label=Product&message=Apache%20Brooklyn&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Cross-site%20request%20forgery%20(CSRF)&color=brighgreen)

### Description

In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site request forgery (CSRF), which could permit a malicious web site to produce a link which, if clicked whilst a user is logged in to Brooklyn, would cause the server to execute the attacker's commands as the user. There is known to be a proof-of-concept exploit using this vulnerability.

### POC

#### Reference
- https://brooklyn.apache.org/community/security/CVE-2016-8737.html

#### Github
No PoCs found on GitHub currently.