CyberSec.Space Logo
CVEブラウザに戻る

CVE-2008-5518

CRITICAL
9.4
CVSS Severity Score
EPSS Score0.1040%
EPSS Percentile34.18th
Published2009年4月17日
Last Modified2026年4月23日

Vulnerability Description

Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet); the (5) createDB parameter to console/portal/Embedded DB/DB Manager (aka the Embedded DB/DB Manager portlet); or the (6) filename parameter to the createKeystore script in the Security/Keystores portlet.

Affected Platforms (CPE)

📦
Apache

Geronimo

= 2.1
📦
Apache

Geronimo

= 2.1.1
📦
Apache

Geronimo

= 2.1.2
📦
Apache

Geronimo

= 2.1.3

References & Advisories

🔗 http://dsecrg.com/pages/vul/show.php?id=118
🔗 http://geronimo.apache.org/21x-security-report.html#2.1.xSecurityReport-214
🔗 http://issues.apache.org/jira/browse/GERONIMO-4597
🔗 http://secunia.com/advisories/34715
🔗 http://www.securityfocus.com/archive/1/502733/100/0/threaded
🔗 http://www.securityfocus.com/bid/34562
🔗 http://www.vupen.com/english/advisories/2009/1089
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/49898

関連する脆弱性情報

CVE-2007-454810.0

The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, whic...

CVE-2013-177710.0

The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Ed...

CVE-2010-20769.8

Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Ch...

CVE-2011-50347.8

Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisi...