Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 4.3
CVE Id: CVE-2009-0038
Last Modified: 28 Apr 2009 01:37:14
Published: 17 Apr 2009 10:30:00
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2009-0038

Summary

Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring; or (5) the PATH_INFO to the default URI under console/portal/.

Vulnerable Systems

Application

  • Apache Geronimo 2.1

  • Apache Geronimo 2.1.1

  • Apache Geronimo 2.1.2

  • Apache Geronimo 2.1.3


References

CONFIRM - http://issues.apache.org/jira/browse/GERONIMO-4597

CONFIRM - http://geronimo.apache.org/21x-security-report.html#2.1.xSecurityReport-214

VUPEN - ADV-2009-1089

BID - 34562

BUGTRAQ - 20090416 [DSECRG-09-019] Apache Geronimo - XSS vulnerabilities.txt

SECUNIA - 34715

MISC - http://dsecrg.com/pages/vul/show.php?id=119


Last Updated: 27 May 2016 10:49:33