CVE-2008-5518

Опубликовано: 17 апр. 2009

Источник: nvd

CVSS2: 9.4

EPSS Средний

Описание

Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet); the (5) createDB parameter to console/portal/Embedded DB/DB Manager (aka the Embedded DB/DB Manager portlet); or the (6) filename parameter to the createKeystore script in the Security/Keystores portlet.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:apache:geronimo:2.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:geronimo:2.1.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:geronimo:2.1.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:geronimo:2.1.3:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

EPSS

Процентиль: 95%

0.15783

Средний

9.4 Critical

CVSS2

Дефекты

CWE-22

Связанные уязвимости

CVE-2008-5518

debian

почти 17 лет назад

Multiple directory traversal vulnerabilities in the web administration ...

GHSA-xm92-rf24-h74w

github

больше 3 лет назад

Apache Geronimo Application Server multiple directory traversal vulnerabilities