CVE-2008-5518

2009-04-1714:30:00

CWE-22

[email protected]

web.nvd.nist.gov

CVSS2

9.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:C/A:N

AI Score

6.9

Confidence

Low

EPSS

0.005

Percentile

77.5%

JSON

Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet); the (5) createDB parameter to console/portal/Embedded DB/DB Manager (aka the Embedded DB/DB Manager portlet); or the (6) filename parameter to the createKeystore script in the Security/Keystores portlet.

Affected configurations

Nvd

Node

apachegeronimoMatch2.1

apachegeronimoMatch2.1.1

apachegeronimoMatch2.1.2

apachegeronimoMatch2.1.3

AND

microsoftwindows

VendorProductVersionCPE
apachegeronimo2.1cpe:2.3:a:apache:geronimo:2.1:*:*:*:*:*:*:*
apachegeronimo2.1.1cpe:2.3:a:apache:geronimo:2.1.1:*:*:*:*:*:*:*
apachegeronimo2.1.2cpe:2.3:a:apache:geronimo:2.1.2:*:*:*:*:*:*:*
apachegeronimo2.1.3cpe:2.3:a:apache:geronimo:2.1.3:*:*:*:*:*:*:*
microsoftwindows*cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apache	geronimo	2.1	cpe:2.3:a:apache:geronimo:2.1:::::::*
apache	geronimo	2.1.1	cpe:2.3:a:apache:geronimo:2.1.1:::::::*
apache	geronimo	2.1.2	cpe:2.3:a:apache:geronimo:2.1.2:::::::*
apache	geronimo	2.1.3	cpe:2.3:a:apache:geronimo:2.1.3:::::::*
microsoft	windows	*	cpe:2.3:o:microsoft:windows::::::::