Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.4
CVSSv2

CVE-2008-5518

Published: 17/04/2009 Updated: 11/10/2018
CVSS v2 Base Score: 9.4 | Impact Score: 9.2 | Exploitability Score: 10
VMScore: 945
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:N
Subscribe to Apache

Vulnerability Summary

Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 up to and including 2.1.3 on Windows allow remote malicious users to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet); the (5) createDB parameter to console/portal/Embedded DB/DB Manager (aka the Embedded DB/DB Manager portlet); or the (6) filename parameter to the createKeystore script in the Security/Keystores portlet.

Vulnerable Product Search on Vulmon Subscribe to Product

apache geronimo 2.1

apache geronimo 2.1.2

apache geronimo 2.1.3

apache geronimo 2.1.1

Exploits

Exploit DB: Apache Geronimo 2.1.3 - Multiple Directory Traversal Vulnerabilities
Digital Security Research Group [DSecRG] Advisory #DSECRG-09-018 Application: Apache Geronimo Application Server Versions Affected: 21 - 213 Vendor URL: geronimoapacheorg/ Bug: Directory Traversal File Upload Exploits: YES Reported: ...

References

CWE-22http://issues.apache.org/jira/browse/GERONIMO-4597http://www.securityfocus.com/bid/34562http://geronimo.apache.org/21x-security-report.html#2.1.xSecurityReport-214http://dsecrg.com/pages/vul/show.php?id=118http://www.vupen.com/english/advisories/2009/1089http://secunia.com/advisories/34715https://exchange.xforce.ibmcloud.com/vulnerabilities/49900https://exchange.xforce.ibmcloud.com/vulnerabilities/49899https://exchange.xforce.ibmcloud.com/vulnerabilities/49898https://www.exploit-db.com/exploits/8458http://www.securityfocus.com/archive/1/502733/100/0/threadedhttps://nvd.nist.govhttps://www.exploit-db.com/exploits/8458/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322CVE-2006-4304wirelessCVE-2023-23022local file inclusionCVE-2024-27058CVE-2024-33820open redirectCVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook