141 matches found
3.6 bug fix and enhancement update
An update is available for apache-commons-io, atinject, jsr-305, maven-shared-utils, plexus-cipher, aopalliance, plexus-classworlds, guava, apache-commons-cli, plexus-containers, plexus-sec-dispatcher, httpcomponents-client, maven-resolver, apache-commons-lang3, plexus-interpolation, sisu,...
Medium: geronimo-jaxrpc
Issue Overview: Liblouis 3.5.0 has a Segmentation fault in loulogPrint in logging.c. CVE-2018-11577 Liblouis 3.5.0 has a stack-based Buffer Overflow in the function includeFile in compileTranslationTable.c. CVE-2018-11684 Liblouis 3.5.0 has a stack-based Buffer Overflow in the function...
apache-geronimo.328035.n3.nabble.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1184944 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website...
Security Bulletin: Multiple Security Vulnerabilities in Apache Geronimo Affect IBM Sterling B2B Integrator
Summary Multiple Security Vulnerabilities in Apache Geronimo Affect IBM Sterling B2B Integrator Vulnerability Details CVEID: CVE-2008-0732 DESCRIPTION: Apache Geronimo could allow a local attacker to obtain sensitive information, caused by the init script following symlinks during a chown...
Authentication Bypass
geronimo is vulnerable to authentication bypass. A remote attacker is able to bypass the login function by attempting to login using a non-existent username...
Cross-Site Scripting (XSS)
geronimo is vulnerable to cross-site scripting XSS. A remote attacker is able to inject arbitrary Javascript into a victim's browser via the name, ip, username or description parameters in console/portal/Server/Monitoring, and PATHINFO parameter to the default URI under console/portal/...
Authentication Bypass
geronimo is vulnerable to authentication bypass. A remote attacker is able to bypass authentication to obtain access to Geronimo internals and retrieve confidential information...
Directory Traversal
Apache Geronimo web administration console is vulnerable to directory traversal. The vulnerabilty is possible because it does not validate the input to the web administrative console, allowing a remote attacker to upload any file in any directory...
Cross-Site Request Forgery (CSRF)
Apache Geronimo application server is vulnerable to cross-site request forgery. Attackers can exploit the vulnerability to obtain sensitive information, upload arbitrary files, execute arbitrary script code, steal cookie-based authentication credentials, or perform certain administrative actions...
Authentication Bypass
Apache Geronimo is vulnerable to authentication bypass. This is caused by improper exception handling for failed logins, which would allow a remote attacker to bypass authentication requirements and deploy arbitrary modules and gain administrative access by submitting a blank username and passwor...
Cross-Site Scripting (XSS)
Apache Geronimo is vulnerable to cross-site scripting. A remote attacker is able to inject arbitrary Javascript into log files via the time parameter or any invalid parameters to cal2.jsp. The injected Javascript executes on the victim's browser when the log files are viewed through the...
Denial Of Service (DoS)
Apache Geronimo is vulnerable to denial of service attacks through resource consumption. This is caused because it computes hash values for form parameters without reliably predicting hash collisions. This allows attackers to cause denial of service attacks by sending multiple parameters designed...
VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2009-0016) (remote check)
The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in the following components : - Apache Geronimo - Apache Tomcat - Apache Xerces2 - cURL/libcURL - ISC BIND - Libxml2 -...
CVE-2007-5797
SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database...
Apache Geronimo 2.1.x /console/portal/Server/Monitoring Multiple Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/34562/info Apache Geronimo Application Server is prone to multiple remote vulnerabilities: - Multiple directory-traversal vulnerabilities - A cross-site scripting vulnerability - Multiple HTML-injection vulnerabilities - ...
Apache Geronimo 1.0 Error Page XSS
No description provided by source. source: http://www.securityfocus.com/bid/16260/info Apache Geronimo is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. A successful exploit could allow an attacker to compromise the...
Apache Tomcat / Geronimo 1.0 Sample Script cal2.jsp time Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/16260/info Apache Geronimo is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. A successful exploit could allow an attacker to compromise the...
Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
No description provided by source. Digital Security Research Group DSecRG Advisory DSECRG-09-018 Application: Apache Geronimo Application Server Versions Affected: 2.1 - 2.1.3 Vendor URL: http://geronimo.apache.org/ Bug: Directory Traversal File Upload Exploits: YES Reported: 10.12.2008 Vendor...
Apache Geronimo 2.1.x Multiple Admin Function CSRF
No description provided by source. source: http://www.securityfocus.com/bid/34562/info Apache Geronimo Application Server is prone to multiple remote vulnerabilities: - Multiple directory-traversal vulnerabilities - A cross-site scripting vulnerability - Multiple HTML-injection vulnerabilities - ...
Apache Geronimo 2.1.x /console/portal/ URI XSS
No description provided by source. source: http://www.securityfocus.com/bid/34562/info Apache Geronimo Application Server is prone to multiple remote vulnerabilities: - Multiple directory-traversal vulnerabilities - A cross-site scripting vulnerability - Multiple HTML-injection vulnerabilities - ...