
CVE-2009-0039

Published: 17/04/2009 Updated: 11/10/2018
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 685
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 up to and including 2.1.3 allow remote malicious users to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.

Vulnerable Product

apache geronimo 2.1.3

apache geronimo 2.1.1

apache geronimo 2.1.2

apache geronimo 2.1

Exploits

source: www.securityfocus.com/bid/34562/info

Apache Geronimo Application Server is prone to multiple remote vulnerabilities:

- Multiple directory-traversal vulnerabilities
- A cross-site scripting vulnerability
- Multiple HTML-injection vulnerabilities
- A cross-site request-forgery vulnerability

Attackers can exploit these issues t ...