CVE-2009-0038

Currently unrated

Key Information:

Vendor: Apache
Status: Geronimo
Vendor: CVE Published:; 17 April 2009

Summary

Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring; or (5) the PATH_INFO to the default URI under console/portal/.

References

http://geronimo.apache.org/21x-security-report.html#2.1.x...

x_refsource_CONFIRM

http://www.vupen.com/english/advisories/2009/1089

vdb-entryx_refsource_VUPEN

http://www.securityfocus.com/bid/34562

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Apr 17, 2009
Vulnerability Reserved
Dec 15, 2008