ID |
CVE-2006-5750 |
Summary |
Directory traversal vulnerability in the DeploymentFileRepository class in JBoss Application Server (jbossas) 3.2.4 through 4.0.5 allows remote authenticated users to read or modify arbitrary files, and possibly execute arbitrary code, via unspecified vectors related to the console manager. |
References |
|
Vulnerable Configurations |
- cpe:2.3:a:jboss:jboss_application_server:3.2.5_final:*:*:*:*:*:*:*
- cpe:2.3:a:jboss:jboss_application_server:3.2.6_final:*:*:*:*:*:*:*
- cpe:2.3:a:jboss:jboss_application_server:3.2.7_final:*:*:*:*:*:*:*
- cpe:2.3:a:jboss:jboss_application_server:3.2.8.sp1:*:*:*:*:*:*:*
- cpe:2.3:a:jboss:jboss_application_server:3.2.8_final:*:*:*:*:*:*:*
- cpe:2.3:a:jboss:jboss_application_server:4.0.0_final:*:*:*:*:*:*:*
- cpe:2.3:a:jboss:jboss_application_server:4.0.1_final:*:*:*:*:*:*:*
- cpe:2.3:a:jboss:jboss_application_server:4.0.1_sp1:*:*:*:*:*:*:*
- cpe:2.3:a:jboss:jboss_application_server:4.0.2_final:*:*:*:*:*:*:*
- cpe:2.3:a:jboss:jboss_application_server:4.0.3_final:*:*:*:*:*:*:*
- cpe:2.3:a:jboss:jboss_application_server:4.0.4.ga:*:*:*:*:*:*:*
- cpe:2.3:a:jboss:jboss_application_server:4.0.5.ga:*:*:*:*:*:*:*
|
CVSS |
Base: | 7.5 (as of 17-10-2018 - 21:44) |
Impact: | |
Exploitability: | |
|
CWE |
NVD-CWE-Other |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK | LOW | NONE |
|
Impact |
Confidentiality | Integrity | Availability |
PARTIAL | PARTIAL | PARTIAL |
|
cvss-vector
via4
|
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
redhat
via4
|
advisories | |
rpms | jbossas-0:4.0.4-1.el4s1.25 |
|
refmap
via4
|
bid | 21219 |
bugtraq | 20061127 SYMSA-2006-011: JBoss Java Class DeploymentFileRepository Directory Traversal; 20061128 Re: SYMSA-2006-011: JBoss Java Class DeploymentFileRepository Directory Traversal |
confirm | |
hp | |
osvdb | 30767 |
sectrack | 1017289 |
secunia | |
suse | SUSE-SR:2007:002 |
vupen | ADV-2006-4724, ADV-2006-4726, ADV-2007-0554, ADV-2008-1155 |
|
Last major update |
17-10-2018 - 21:44 |
Published |
27-11-2006 - 20:07 |
Last modified |
17-10-2018 - 21:44 |