Directory Traversal Vulnerabilities in Apache Geronimo Application Server
CVE-2008-5518

Currently unrated

Key Information:

Vendor: Apache
Status: Geronimo
Vendor: CVE Published:; 17 April 2009

Summary

Multiple directory traversal vulnerabilities exist in the web administration console of Apache Geronimo Application Server versions 2.1 through 2.1.3 on Windows. These vulnerabilities allow remote attackers to exploit the system by uploading files to arbitrary directories through specially crafted inputs in various parameters including group, artifact, version, fileType, createDB, and filename across different portlets, such as the Services/Repository and Embedded DB/DB Manager.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/49900

vdb-entryx_refsource_XF

https://exchange.xforce.ibmcloud.com/vulnerabilities/49899

vdb-entryx_refsource_XF

http://geronimo.apache.org/21x-security-report.html#2.1.x...

x_refsource_CONFIRM

EPSS Score

15% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Apr 17, 2009
Vulnerability Reserved
Dec 12, 2008