Upstream information
Description
Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet); the (5) createDB parameter to console/portal/Embedded DB/DB Manager (aka the Embedded DB/DB Manager portlet); or the (6) filename parameter to the createKeystore script in the Security/Keystores portlet.
SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having critical severity.
National Vulnerability Database | |
---|---|
Base Score | 9.4 |
Vector | AV:N/AC:L/Au:N/C:C/I:C/A:N |
Access Vector | Network |
Access Complexity | Low |
Authentication | None |
Confidentiality Impact | Complete |
Integrity Impact | Complete |
Availability Impact | None |
SUSE Security Advisories:
- SUSE-SR:2009:013, published Tue, 11 Aug 2009 14:00:00 +0000
List of released packages
Product(s) | Fixed package version(s) | References |
---|---|---|
SUSE Linux Enterprise Server 11; SUSE Linux Enterprise Server for SAP Applications 11 | | Patchnames: slessp0-websphere-as_ce |
SUSE Timeline for this CVE
CVE page created: Fri Jun 28 06:51:07 2013
CVE page last modified: Fri Dec 8 16:29:45 2023