CVSS2: 6.8 Medium (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
EPSS: 0.006 Low (percentile 78.3%)
Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
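The condition described above, modelled as an added example (this is not Geronimo's code and not taken from any of the linked advisories or the fix commit): an admin action that is authorised by the session cookie alone, next to the same action guarded by a per-session synchronizer token, a POST-only rule and an exact same-origin check on Origin/Referer. Only the /console/portal//Server/Shutdown path comes from the CVE text; the JSESSIONID cookie name, the console origin, the Request and Console classes, the csrf_token form field and the forged requests are assumptions constructed for the demonstration.

```python
"""Added example for CVE-2009-0039, not Geronimo's code.

Assumptions (not from the advisory): JSESSIONID cookie name, console origin,
the Request/Console classes, the csrf_token field and the sample requests.
Only SHUTDOWN_PATH is taken from the CVE description.
"""
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlparse

SHUTDOWN_PATH = "/console/portal//Server/Shutdown"  # path quoted in the CVE text
CONSOLE_ORIGIN = "http://geronimo.example:8080"      # assumed admin console origin


@dataclass
class Request:
    """Constructed stand-in for an HTTP request as the console would see it."""
    method: str
    path: str
    cookies: dict
    headers: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)


def same_origin(header_value: str) -> bool:
    """Exact scheme://host:port comparison. A prefix test would wrongly accept
    http://geronimo.example:8080.attacker.example."""
    p = urlparse(header_value)
    return f"{p.scheme}://{p.netloc}" == CONSOLE_ORIGIN


class Console:
    def __init__(self) -> None:
        self.sessions: dict[str, str] = {}  # session id -> CSRF token bound to it
        self.shut_down = False

    def login(self) -> str:
        """Mint a session id plus a token that only console pages embed;
        the browser never sends the token automatically, unlike the cookie."""
        sid = secrets.token_hex(16)
        self.sessions[sid] = secrets.token_hex(16)
        return sid

    def csrf_token(self, sid: str) -> str:
        return self.sessions[sid]

    def vulnerable_shutdown(self, req: Request) -> int:
        """Pre-fix behaviour: a valid session cookie alone executes the action.
        A request forged from an attacker's page succeeds because the browser
        attaches the administrator's cookie on its own."""
        if req.cookies.get("JSESSIONID") not in self.sessions:
            return 401
        self.shut_down = True
        return 200

    def hardened_shutdown(self, req: Request) -> int:
        """Mitigated: POST only, from the console's own origin, carrying the
        token bound to this session."""
        sid = req.cookies.get("JSESSIONID")
        if sid not in self.sessions:
            return 401
        if req.method != "POST":
            return 405  # a link or <img> fetch can never trigger the action
        source = req.headers.get("Origin") or req.headers.get("Referer", "")
        if not same_origin(source):
            return 403  # cross-site source, or no source header at all
        if not hmac.compare_digest(req.form.get("csrf_token", ""), self.sessions[sid]):
            return 403  # the attacker cannot read the token, so cannot forge it
        self.shut_down = True
        return 200


def run_scenarios() -> dict:
    """Replay the same constructed requests against both handlers."""
    results = {}
    for name in ("vulnerable", "hardened"):
        console = Console()
        sid = console.login()
        cookies = {"JSESSIONID": sid}  # what the admin's browser adds automatically
        handler = getattr(console, f"{name}_shutdown")
        # forged GET, e.g. an <img> on the attacker's page pointing at the shutdown URL
        forged_get = Request("GET", SHUTDOWN_PATH, cookies,
                             {"Referer": "http://attacker.example/lure.html"})
        # forged auto-submitting POST form from the attacker's page, no token
        forged_post = Request("POST", SHUTDOWN_PATH, cookies,
                              {"Origin": "http://attacker.example"})
        outcome = {"forged_get": handler(forged_get),
                   "forged_post": handler(forged_post)}
        outcome["shut_down_by_forgery"] = console.shut_down
        # legitimate submission from a console page with the session's token
        legit = Request("POST", SHUTDOWN_PATH, cookies, {"Origin": CONSOLE_ORIGIN},
                        {"csrf_token": console.csrf_token(sid)})
        outcome["legit"] = handler(legit)
        results[name] = outcome
    return results


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(name, outcome)
```

The Origin/Referer check is a second line of defence only: some clients strip Referer, and an empty header is rejected here rather than allowed through, which is the safe default for a state-changing admin action. The synchronizer token is what actually closes the hole; comparing it with hmac.compare_digest avoids leaking the token through timing.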
dsecrg.com/pages/vul/show.php?id=120
geronimo.apache.org/21x-security-report.html#2.1.xSecurityReport-214
issues.apache.org/jira/browse/GERONIMO-4597
secunia.com/advisories/34715
www.securityfocus.com/archive/1/502735/100/0/threaded
www.securityfocus.com/bid/34562
www.vupen.com/english/advisories/2009/1089
github.com/apache/geronimo/commit/aa0c2c26dde8930cad924796af7c17a13d236b16
nvd.nist.gov/vuln/detail/CVE-2009-0039
svn.apache.org/viewvc/geronimo/server