Cross-Site Scripting Vulnerabilities in Apache Geronimo Application Server
CVE-2009-0038
Currently unrated
Summary
The Apache Geronimo Application Server contains multiple cross-site scripting (XSS) vulnerabilities in its web administration console. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML, primarily by manipulating parameters such as name, IP address, username, or description in the console's monitoring interface. An attacker can also exploit the default URI by altering the PATH_INFO. This can lead to unauthorized actions or data exposure, so it is critical that users apply the necessary security updates to mitigate these risks.
References
EPSS Score
16% chance of being exploited in the next 30 days.
Timeline
Vulnerability published
Vulnerability Reserved