Veracode Vulnerability DatabaseVERACODE:13535Directory Traversal
9.4 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:C/I:C/A:N
Apache Geronimo web administration console is vulnerable to directory traversal. The vulnerabilty is possible because it does not validate the input to the web administrative console, allowing a remote attacker to upload any file in any directory.
References
dsecrg.com/pages/vul/show.php?id=118
geronimo.apache.org/21x-security-report.html#2.1.xSecurityReport-214
issues.apache.org/jira/browse/GERONIMO-4597
secunia.com/advisories/34715
www.securityfocus.com/archive/1/502733/100/0/threaded
www.securityfocus.com/bid/34562
www.vupen.com/english/advisories/2009/1089
exchange.xforce.ibmcloud.com/vulnerabilities/49898
exchange.xforce.ibmcloud.com/vulnerabilities/49899
exchange.xforce.ibmcloud.com/vulnerabilities/49900
issues.apache.org/jira/browse/GERONIMO-4597
www.exploit-db.com/exploits/8458
Related
9.4 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:C/I:C/A:N