[Forgot Password]
Login  Register Subscribe

23631

 
 

126173

 
 

98218

 
 

909

 
 

79224

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2009-0039

Date: (C)2009-04-17   (M)2015-12-16 


Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.

CVSS Score: 6.8Access Vector: NETWORK
Exploit Score: 8.6Access Complexity: MEDIUM
Impact Score: 6.4Authentication: NONE
 Confidentiality: PARTIAL
 Integrity: PARTIAL
 Availability: PARTIAL





Reference:
http://www.securityfocus.com/archive/1/archive/1/502735/100/0/threaded
BID-34562
SECUNIA-34715
ADV-2009-1089
http://dsecrg.com/pages/vul/show.php?id=120
http://geronimo.apache.org/21x-security-report.html#2.1.xSecurityReport-214
http://issues.apache.org/jira/browse/GERONIMO-4597

CPE    1
cpe:/a:apache:geronimo:2.1
CWE    1
CWE-352

© 2013 SecPod Technologies