CVE-2006-5750 - Directory traversal vulnerability in the DeploymentFileRepository class in JBoss Application Server

CVE-2006-5750

Summary

Directory traversal vulnerability in the DeploymentFileRepository class in JBoss Application Server (jbossas) 3.2.4 through 4.0.5 allows remote authenticated users to read or modify arbitrary files, and possibly execute arbitrary code, via unspecified vectors related to the console manager.

References

Vulnerable Configurations

cpe:2.3:a:jboss:jboss_application_server:3.2.5_final:*:*:*:*:*:*:*
cpe:2.3:a:jboss:jboss_application_server:3.2.5_final:*:*:*:*:*:*:*
cpe:2.3:a:jboss:jboss_application_server:3.2.6_final:*:*:*:*:*:*:*
cpe:2.3:a:jboss:jboss_application_server:3.2.6_final:*:*:*:*:*:*:*
cpe:2.3:a:jboss:jboss_application_server:3.2.7_final:*:*:*:*:*:*:*
cpe:2.3:a:jboss:jboss_application_server:3.2.7_final:*:*:*:*:*:*:*
cpe:2.3:a:jboss:jboss_application_server:3.2.8.sp1:*:*:*:*:*:*:*
cpe:2.3:a:jboss:jboss_application_server:3.2.8.sp1:*:*:*:*:*:*:*
cpe:2.3:a:jboss:jboss_application_server:3.2.8_final:*:*:*:*:*:*:*
cpe:2.3:a:jboss:jboss_application_server:3.2.8_final:*:*:*:*:*:*:*
cpe:2.3:a:jboss:jboss_application_server:4.0.0_final:*:*:*:*:*:*:*
cpe:2.3:a:jboss:jboss_application_server:4.0.0_final:*:*:*:*:*:*:*
cpe:2.3:a:jboss:jboss_application_server:4.0.1_final:*:*:*:*:*:*:*
cpe:2.3:a:jboss:jboss_application_server:4.0.1_final:*:*:*:*:*:*:*
cpe:2.3:a:jboss:jboss_application_server:4.0.1_sp1:*:*:*:*:*:*:*
cpe:2.3:a:jboss:jboss_application_server:4.0.1_sp1:*:*:*:*:*:*:*
cpe:2.3:a:jboss:jboss_application_server:4.0.2_final:*:*:*:*:*:*:*
cpe:2.3:a:jboss:jboss_application_server:4.0.2_final:*:*:*:*:*:*:*
cpe:2.3:a:jboss:jboss_application_server:4.0.3_final:*:*:*:*:*:*:*
cpe:2.3:a:jboss:jboss_application_server:4.0.3_final:*:*:*:*:*:*:*
cpe:2.3:a:jboss:jboss_application_server:4.0.4.ga:*:*:*:*:*:*:*
cpe:2.3:a:jboss:jboss_application_server:4.0.4.ga:*:*:*:*:*:*:*
cpe:2.3:a:jboss:jboss_application_server:4.0.5.ga:*:*:*:*:*:*:*
cpe:2.3:a:jboss:jboss_application_server:4.0.5.ga:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 17-10-2018 - 21:44)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

redhat via4

advisories

rhsa

id	RHSA-2006:0743

rpms

jbossas-0:4.0.4-1.el4s1.25

refmap via4

bid	21219
bugtraq	20061127 SYMSA-2006-011: JBoss Java Class DeploymentFileRepository Directory Traversal 20061128 Re: SYMSA-2006-011: JBoss Java Class DeploymentFileRepository Directory Traversal
confirm	http://jira.jboss.com/jira/browse/ASPATCH-126 http://jira.jboss.com/jira/browse/JBAS-3861 https://secure-support.novell.com/KanisaPlatform/Publishing/719/3024921_f.SAL_Public.html
hp	HPSBST02318 SSRT080018
osvdb	30767
sectrack	1017289
secunia	23095 23984 24104 29726
suse	SUSE-SR:2007:002
vupen	ADV-2006-4724 ADV-2006-4726 ADV-2007-0554 ADV-2008-1155

Last major update

17-10-2018 - 21:44

Published

27-11-2006 - 20:07

Last modified

17-10-2018 - 21:44