Cross-Site Scripting Vulnerabilities in Apache Geronimo Application Server
CVE-2009-0038

Currently unrated

Key Information:

Vendor

Apache
Status
Geronimo
Vendor
CVE Published:
17 April 2009

What is CVE-2009-0038?

The Apache Geronimo Application Server contains multiple cross-site scripting (XSS) vulnerabilities within its web administration console. These vulnerabilities permit remote attackers to exploit the system by injecting arbitrary web scripts or HTML code, primarily through the manipulation of parameters such as name, IP address, username, or description in the console's monitoring interface. Furthermore, the attacker can also exploit the default URI by altering the PATH_INFO. This can lead to unauthorized actions or data exposure, making it critical for users to apply the necessary security updates to mitigate these risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://geronimo.apache.org/21x-security-report.html#2.1.x...
x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2009/1089
vdb-entryx_refsource_VUPEN
http://www.securityfocus.com/bid/34562
vdb-entryx_refsource_BID

EPSS Score

23% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.