Cross-Site Request Forgery Vulnerabilities in Apache Geronimo Application Server
CVE-2009-0039

Currently unrated

Key Information:

Vendor: Apache
Status: Geronimo
Vendor: CVE Published:; 17 April 2009

Summary

The Apache Geronimo Application Server 2.1 through 2.1.3 is susceptible to multiple cross-site request forgery (CSRF) vulnerabilities in its web administration console. This allows remote attackers to potentially hijack the authentication of administrators and perform unauthorized actions. These actions may include changing the web administration password, uploading malicious applications, and executing other unspecified administrative tasks, which could lead to further exploitation of the affected server.

References

http://geronimo.apache.org/21x-security-report.html#2.1.x...

x_refsource_CONFIRM

http://www.vupen.com/english/advisories/2009/1089

vdb-entryx_refsource_VUPEN

http://www.securityfocus.com/bid/34562

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Apr 17, 2009
Vulnerability Reserved
Dec 15, 2008