cvelistv5 - cve-2006-5750

CVE-2006-5750 (GCVE-0-2006-5750)

Vulnerability from cvelistv5

Published

2006-11-27 20:00

Modified

2024-08-07 20:04

Severity ?

CWE

Summary

Directory traversal vulnerability in the DeploymentFileRepository class in JBoss Application Server (jbossas) 3.2.4 through 4.0.5 allows remote authenticated users to read or modify arbitrary files, and possibly execute arbitrary code, via unspecified vectors related to the console manager.

References

URL	Tags
secalert@redhat.com	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402
secalert@redhat.com	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402
secalert@redhat.com	http://jira.jboss.com/jira/browse/ASPATCH-126
secalert@redhat.com	http://jira.jboss.com/jira/browse/JBAS-3861
secalert@redhat.com	http://secunia.com/advisories/23095
secalert@redhat.com	http://secunia.com/advisories/23984
secalert@redhat.com	http://secunia.com/advisories/24104
secalert@redhat.com	http://secunia.com/advisories/29726
secalert@redhat.com	http://securitytracker.com/id?1017289
secalert@redhat.com	http://www.novell.com/linux/security/advisories/2007_02_sr.html
secalert@redhat.com	http://www.osvdb.org/30767
secalert@redhat.com	http://www.redhat.com/support/errata/RHSA-2006-0743.html	Patch
secalert@redhat.com	http://www.securityfocus.com/archive/1/452830/100/0/threaded
secalert@redhat.com	http://www.securityfocus.com/archive/1/452862/100/100/threaded
secalert@redhat.com	http://www.securityfocus.com/bid/21219	Patch
secalert@redhat.com	http://www.vupen.com/english/advisories/2006/4724
secalert@redhat.com	http://www.vupen.com/english/advisories/2006/4726
secalert@redhat.com	http://www.vupen.com/english/advisories/2007/0554
secalert@redhat.com	http://www.vupen.com/english/advisories/2008/1155/references
secalert@redhat.com	https://secure-support.novell.com/KanisaPlatform/Publishing/719/3024921_f.SAL_Public.html
af854a3a-2127-422b-91ae-364da2661108	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402
af854a3a-2127-422b-91ae-364da2661108	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402
af854a3a-2127-422b-91ae-364da2661108	http://jira.jboss.com/jira/browse/ASPATCH-126
af854a3a-2127-422b-91ae-364da2661108	http://jira.jboss.com/jira/browse/JBAS-3861
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/23095
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/23984
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/24104
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29726
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1017289
af854a3a-2127-422b-91ae-364da2661108	http://www.novell.com/linux/security/advisories/2007_02_sr.html
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/30767
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2006-0743.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/452830/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/452862/100/100/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/21219	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/4724
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/4726
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/0554
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/1155/references
af854a3a-2127-422b-91ae-364da2661108	https://secure-support.novell.com/KanisaPlatform/Publishing/719/3024921_f.SAL_Public.html

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T20:04:54.589Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "23984",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23984"
          },
          {
            "name": "ADV-2008-1155",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1155/references"
          },
          {
            "name": "SSRT080018",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402"
          },
          {
            "name": "RHSA-2006:0743",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2006-0743.html"
          },
          {
            "name": "30767",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/30767"
          },
          {
            "name": "21219",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/21219"
          },
          {
            "name": "ADV-2006-4724",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/4724"
          },
          {
            "name": "23095",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23095"
          },
          {
            "name": "HPSBST02318",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402"
          },
          {
            "name": "29726",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29726"
          },
          {
            "name": "20061128 Re: SYMSA-2006-011: JBoss Java Class DeploymentFileRepository Directory Traversal",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/452862/100/100/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://jira.jboss.com/jira/browse/ASPATCH-126"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://secure-support.novell.com/KanisaPlatform/Publishing/719/3024921_f.SAL_Public.html"
          },
          {
            "name": "1017289",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1017289"
          },
          {
            "name": "SUSE-SR:2007:002",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2007_02_sr.html"
          },
          {
            "name": "ADV-2007-0554",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/0554"
          },
          {
            "name": "ADV-2006-4726",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/4726"
          },
          {
            "name": "24104",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24104"
          },
          {
            "name": "20061127 SYMSA-2006-011: JBoss Java Class DeploymentFileRepository Directory Traversal",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/452830/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://jira.jboss.com/jira/browse/JBAS-3861"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-11-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in the DeploymentFileRepository class in JBoss Application Server (jbossas) 3.2.4 through 4.0.5 allows remote authenticated users to read or modify arbitrary files, and possibly execute arbitrary code, via unspecified vectors related to the console manager."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-17T20:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "23984",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23984"
        },
        {
          "name": "ADV-2008-1155",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1155/references"
        },
        {
          "name": "SSRT080018",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402"
        },
        {
          "name": "RHSA-2006:0743",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2006-0743.html"
        },
        {
          "name": "30767",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/30767"
        },
        {
          "name": "21219",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/21219"
        },
        {
          "name": "ADV-2006-4724",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/4724"
        },
        {
          "name": "23095",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23095"
        },
        {
          "name": "HPSBST02318",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402"
        },
        {
          "name": "29726",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29726"
        },
        {
          "name": "20061128 Re: SYMSA-2006-011: JBoss Java Class DeploymentFileRepository Directory Traversal",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/452862/100/100/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://jira.jboss.com/jira/browse/ASPATCH-126"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://secure-support.novell.com/KanisaPlatform/Publishing/719/3024921_f.SAL_Public.html"
        },
        {
          "name": "1017289",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1017289"
        },
        {
          "name": "SUSE-SR:2007:002",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2007_02_sr.html"
        },
        {
          "name": "ADV-2007-0554",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/0554"
        },
        {
          "name": "ADV-2006-4726",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/4726"
        },
        {
          "name": "24104",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24104"
        },
        {
          "name": "20061127 SYMSA-2006-011: JBoss Java Class DeploymentFileRepository Directory Traversal",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/452830/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://jira.jboss.com/jira/browse/JBAS-3861"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2006-5750",
    "datePublished": "2006-11-27T20:00:00",
    "dateReserved": "2006-11-06T00:00:00",
    "dateUpdated": "2024-08-07T20:04:54.589Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2006-5750\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2006-11-27T20:07:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Directory traversal vulnerability in the DeploymentFileRepository class in JBoss Application Server (jbossas) 3.2.4 through 4.0.5 allows remote authenticated users to read or modify arbitrary files, and possibly execute arbitrary code, via unspecified vectors related to the console manager.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de salto de directorio en la clase JBoss Application Server (jbossas) 3.2.4 hasta 4.0.5 permite a usuarios remotos validados leer o modificar archivos y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n, a trav\u00e9s de vectores no especificados en el administrador de consola.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":true,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jboss:jboss_application_server:3.2.5_final:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BA0BFE2-246F-4F9D-9698-23B7A453C627\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jboss:jboss_application_server:3.2.6_final:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5415149C-6EF9-4B94-ABDA-3F52B9A871E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jboss:jboss_application_server:3.2.7_final:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A5BA730-1650-4CD6-8033-AE7B90F2242F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jboss:jboss_application_server:3.2.8.sp1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A496B6B5-C331-4354-9538-51704BC172A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jboss:jboss_application_server:3.2.8_final:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"42EC3FC8-D370-4EA3-8FC5-CB8671A669B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jboss:jboss_application_server:4.0.0_final:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C467186E-74BB-4CC6-A4AA-144DA3A2B0C3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jboss:jboss_application_server:4.0.1_final:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9D678E52-DEE5-4A77-9504-5E62F9A6E61A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jboss:jboss_application_server:4.0.1_sp1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5EC7B567-CACB-4F07-BE1D-E7420060C4E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jboss:jboss_application_server:4.0.2_final:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C763991-3D3C-40A9-ADA1-1BCD70491224\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jboss:jboss_application_server:4.0.3_final:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3D381E62-7EBD-4F40-92B4-C967C82BBEBD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jboss:jboss_application_server:4.0.4.ga:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B0F232BE-9181-4B28-B9ED-C947BCB754DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jboss:jboss_application_server:4.0.5.ga:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2559DFD5-A230-467E-A720-7AE7FA9309CD\"}]}]}],\"references\":[{\"url\":\"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://jira.jboss.com/jira/browse/ASPATCH-126\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://jira.jboss.com/jira/browse/JBAS-3861\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/23095\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/23984\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/24104\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/29726\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://securitytracker.com/id?1017289\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.novell.com/linux/security/advisories/2007_02_sr.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.osvdb.org/30767\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2006-0743.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securityfocus.com/archive/1/452830/100/0/threaded\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/452862/100/100/threaded\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/21219\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/4724\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/4726\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/0554\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/1155/references\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://secure-support.novell.com/KanisaPlatform/Publishing/719/3024921_f.SAL_Public.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://jira.jboss.com/jira/browse/ASPATCH-126\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://jira.jboss.com/jira/browse/JBAS-3861\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/23095\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/23984\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/24104\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/29726\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1017289\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.novell.com/linux/security/advisories/2007_02_sr.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.osvdb.org/30767\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2006-0743.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securityfocus.com/archive/1/452830/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/452862/100/100/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/21219\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/4724\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/4726\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/0554\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/1155/references\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://secure-support.novell.com/KanisaPlatform/Publishing/719/3024921_f.SAL_Public.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

rhsa-2006:0743

Vulnerability from csaf_redhat

Published

2006-11-27 15:42

Modified

2025-10-09 12:57

Summary

Red Hat Security Advisory: jbossas security update

Notes

Topic

An updated jbossas package that corrects a security vulnerability is now available for Red Hat Application Stack. This update has been rated as having critical security impact by the Red Hat Security Response Team.

Details

JBoss Application Server is a J2EE certified platform for developing and deploying enterprise Java applications, Web applications, and Portals. Symantec discovered a flaw in the DeploymentFileRepository class of the JBoss Application Server. A remote attacker who is able to access the console manager could read or write to files with the permissions of the JBoss user. This could potentially lead to arbitrary code execution as the jboss user. (CVE-2006-5750) For the Red Hat Application Stack, the jbossas service is not enabled by default. Once the jbossas service is enabled, the console manager will become accessible on port 8080. Although port 8080 will be blocked from outside access by the default Red Hat Enterprise Linux firewall rules, users should ensure that the console is not available publicly and is adequately protected by authentication as explained in the JBoss documentation. A correct configuration of the JBoss Application Server would mitigate this vulnerability to only being exploitable by users who have authorization to use the console manager. All users of Red Hat Application Stack are advised to upgrade to these updated packages, which resolve the directory traversal issue with a backported patch. These updated packages also contain a change to the default jbossas configuration file. For users installing Red Hat Application Stack for the first time, all JBoss Application Server network services, including the management consoles, will be restricted by default to localhost. No change is made for users upgrading previously installed jbossas packages. Users who already have Red Hat Application Stack installed should check to make sure that they have correctly followed the security guidelines and that the management consoles are not accessible to unauthorized users. Red Hat would like to thank Symantec for reporting this issue.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An updated jbossas package that corrects a security vulnerability is now\navailable for Red Hat Application Stack.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "JBoss Application Server is a J2EE certified platform for developing and\ndeploying enterprise Java applications, Web applications, and Portals.\n\nSymantec discovered a flaw in the DeploymentFileRepository class of the\nJBoss Application Server. A remote attacker who is able to access the\nconsole manager could read or write to files with the permissions of the\nJBoss user. This could potentially lead to arbitrary code execution as the\njboss user. (CVE-2006-5750)\n\nFor the Red Hat Application Stack, the jbossas service is not enabled by\ndefault. Once the jbossas service is enabled, the console manager will\nbecome accessible on port 8080. Although port 8080 will be blocked from\noutside access by the default Red Hat Enterprise Linux firewall rules,\nusers should ensure that the console is not available publicly and is\nadequately protected by authentication as explained in the JBoss\ndocumentation. A correct configuration of the JBoss Application Server\nwould mitigate this vulnerability to only being exploitable by users who\nhave authorization to use the console manager.\n\nAll users of Red Hat Application Stack are advised to upgrade to these\nupdated packages, which resolve the directory traversal issue with a\nbackported patch.\n\nThese updated packages also contain a change to the default jbossas\nconfiguration file.  For users installing Red Hat Application Stack for the\nfirst time, all JBoss Application Server network services, including the\nmanagement consoles, will be restricted by default to localhost.  No change\nis made for users upgrading previously installed jbossas packages.  \n\nUsers who already have Red Hat Application Stack installed should check to\nmake sure that they have correctly followed the security guidelines and\nthat the management consoles are not accessible to unauthorized users.  \n\nRed Hat would like to thank Symantec for reporting this issue.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2006:0743",
        "url": "https://access.redhat.com/errata/RHSA-2006:0743"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#critical",
        "url": "https://access.redhat.com/security/updates/classification/#critical"
      },
      {
        "category": "external",
        "summary": "http://kbase.redhat.com/faq/FAQ_107_9629.shtm",
        "url": "http://kbase.redhat.com/faq/FAQ_107_9629.shtm"
      },
      {
        "category": "external",
        "summary": "215828",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=215828"
      },
      {
        "category": "external",
        "summary": "216177",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=216177"
      },
      {
        "category": "external",
        "summary": "216786",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=216786"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2006/rhsa-2006_0743.json"
      }
    ],
    "title": "Red Hat Security Advisory: jbossas security update",
    "tracking": {
      "current_release_date": "2025-10-09T12:57:25+00:00",
      "generator": {
        "date": "2025-10-09T12:57:25+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.9"
        }
      },
      "id": "RHSA-2006:0743",
      "initial_release_date": "2006-11-27T15:42:00+00:00",
      "revision_history": [
        {
          "date": "2006-11-27T15:42:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2006-11-27T10:42:57+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-10-09T12:57:25+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
                "product": {
                  "name": "Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
                  "product_id": "4AS-RHWAS",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_application_stack:1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
                "product": {
                  "name": "Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
                  "product_id": "4ES-RHWAS",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_application_stack:1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Application Stack"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "jbossas-0:4.0.4-1.el4s1.25.src",
                "product": {
                  "name": "jbossas-0:4.0.4-1.el4s1.25.src",
                  "product_id": "jbossas-0:4.0.4-1.el4s1.25.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossas@4.0.4-1.el4s1.25?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "jbossas-0:4.0.4-1.el4s1.25.noarch",
                "product": {
                  "name": "jbossas-0:4.0.4-1.el4s1.25.noarch",
                  "product_id": "jbossas-0:4.0.4-1.el4s1.25.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossas@4.0.4-1.el4s1.25?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-0:4.0.4-1.el4s1.25.noarch as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
          "product_id": "4AS-RHWAS:jbossas-0:4.0.4-1.el4s1.25.noarch"
        },
        "product_reference": "jbossas-0:4.0.4-1.el4s1.25.noarch",
        "relates_to_product_reference": "4AS-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-0:4.0.4-1.el4s1.25.src as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
          "product_id": "4AS-RHWAS:jbossas-0:4.0.4-1.el4s1.25.src"
        },
        "product_reference": "jbossas-0:4.0.4-1.el4s1.25.src",
        "relates_to_product_reference": "4AS-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-0:4.0.4-1.el4s1.25.noarch as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
          "product_id": "4ES-RHWAS:jbossas-0:4.0.4-1.el4s1.25.noarch"
        },
        "product_reference": "jbossas-0:4.0.4-1.el4s1.25.noarch",
        "relates_to_product_reference": "4ES-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-0:4.0.4-1.el4s1.25.src as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
          "product_id": "4ES-RHWAS:jbossas-0:4.0.4-1.el4s1.25.src"
        },
        "product_reference": "jbossas-0:4.0.4-1.el4s1.25.src",
        "relates_to_product_reference": "4ES-RHWAS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2006-5750",
      "discovery_date": "2006-11-13T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1618224"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Directory traversal vulnerability in the DeploymentFileRepository class in JBoss Application Server (jbossas) 3.2.4 through 4.0.5 allows remote authenticated users to read or modify arbitrary files, and possibly execute arbitrary code, via unspecified vectors related to the console manager.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHWAS:jbossas-0:4.0.4-1.el4s1.25.noarch",
          "4AS-RHWAS:jbossas-0:4.0.4-1.el4s1.25.src",
          "4ES-RHWAS:jbossas-0:4.0.4-1.el4s1.25.noarch",
          "4ES-RHWAS:jbossas-0:4.0.4-1.el4s1.25.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2006-5750"
        },
        {
          "category": "external",
          "summary": "RHBZ#1618224",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618224"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2006-5750",
          "url": "https://www.cve.org/CVERecord?id=CVE-2006-5750"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-5750",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-5750"
        }
      ],
      "release_date": "2006-11-27T14:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2006-11-27T15:42:00+00:00",
          "details": "Before applying this update, make sure that the jbossas service is not\nrunning and all previously released errata relevant to your system have\nbeen applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains\nthe desired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "4AS-RHWAS:jbossas-0:4.0.4-1.el4s1.25.noarch",
            "4AS-RHWAS:jbossas-0:4.0.4-1.el4s1.25.src",
            "4ES-RHWAS:jbossas-0:4.0.4-1.el4s1.25.noarch",
            "4ES-RHWAS:jbossas-0:4.0.4-1.el4s1.25.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2006:0743"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "security flaw"
    }
  ]
}

rhsa-2006_0743

Vulnerability from csaf_redhat

Published

2006-11-27 15:42

Modified

2024-11-22 00:38

Summary

Red Hat Security Advisory: jbossas security update

Notes

Topic

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An updated jbossas package that corrects a security vulnerability is now\navailable for Red Hat Application Stack.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "JBoss Application Server is a J2EE certified platform for developing and\ndeploying enterprise Java applications, Web applications, and Portals.\n\nSymantec discovered a flaw in the DeploymentFileRepository class of the\nJBoss Application Server. A remote attacker who is able to access the\nconsole manager could read or write to files with the permissions of the\nJBoss user. This could potentially lead to arbitrary code execution as the\njboss user. (CVE-2006-5750)\n\nFor the Red Hat Application Stack, the jbossas service is not enabled by\ndefault. Once the jbossas service is enabled, the console manager will\nbecome accessible on port 8080. Although port 8080 will be blocked from\noutside access by the default Red Hat Enterprise Linux firewall rules,\nusers should ensure that the console is not available publicly and is\nadequately protected by authentication as explained in the JBoss\ndocumentation. A correct configuration of the JBoss Application Server\nwould mitigate this vulnerability to only being exploitable by users who\nhave authorization to use the console manager.\n\nAll users of Red Hat Application Stack are advised to upgrade to these\nupdated packages, which resolve the directory traversal issue with a\nbackported patch.\n\nThese updated packages also contain a change to the default jbossas\nconfiguration file.  For users installing Red Hat Application Stack for the\nfirst time, all JBoss Application Server network services, including the\nmanagement consoles, will be restricted by default to localhost.  No change\nis made for users upgrading previously installed jbossas packages.  \n\nUsers who already have Red Hat Application Stack installed should check to\nmake sure that they have correctly followed the security guidelines and\nthat the management consoles are not accessible to unauthorized users.  \n\nRed Hat would like to thank Symantec for reporting this issue.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2006:0743",
        "url": "https://access.redhat.com/errata/RHSA-2006:0743"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#critical",
        "url": "https://access.redhat.com/security/updates/classification/#critical"
      },
      {
        "category": "external",
        "summary": "http://kbase.redhat.com/faq/FAQ_107_9629.shtm",
        "url": "http://kbase.redhat.com/faq/FAQ_107_9629.shtm"
      },
      {
        "category": "external",
        "summary": "215828",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=215828"
      },
      {
        "category": "external",
        "summary": "216177",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=216177"
      },
      {
        "category": "external",
        "summary": "216786",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=216786"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2006/rhsa-2006_0743.json"
      }
    ],
    "title": "Red Hat Security Advisory: jbossas security update",
    "tracking": {
      "current_release_date": "2024-11-22T00:38:53+00:00",
      "generator": {
        "date": "2024-11-22T00:38:53+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2006:0743",
      "initial_release_date": "2006-11-27T15:42:00+00:00",
      "revision_history": [
        {
          "date": "2006-11-27T15:42:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2006-11-27T10:42:57+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T00:38:53+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
                "product": {
                  "name": "Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
                  "product_id": "4AS-RHWAS",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_application_stack:1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
                "product": {
                  "name": "Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
                  "product_id": "4ES-RHWAS",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_application_stack:1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Application Stack"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "jbossas-0:4.0.4-1.el4s1.25.src",
                "product": {
                  "name": "jbossas-0:4.0.4-1.el4s1.25.src",
                  "product_id": "jbossas-0:4.0.4-1.el4s1.25.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossas@4.0.4-1.el4s1.25?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "jbossas-0:4.0.4-1.el4s1.25.noarch",
                "product": {
                  "name": "jbossas-0:4.0.4-1.el4s1.25.noarch",
                  "product_id": "jbossas-0:4.0.4-1.el4s1.25.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossas@4.0.4-1.el4s1.25?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-0:4.0.4-1.el4s1.25.noarch as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
          "product_id": "4AS-RHWAS:jbossas-0:4.0.4-1.el4s1.25.noarch"
        },
        "product_reference": "jbossas-0:4.0.4-1.el4s1.25.noarch",
        "relates_to_product_reference": "4AS-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-0:4.0.4-1.el4s1.25.src as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
          "product_id": "4AS-RHWAS:jbossas-0:4.0.4-1.el4s1.25.src"
        },
        "product_reference": "jbossas-0:4.0.4-1.el4s1.25.src",
        "relates_to_product_reference": "4AS-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-0:4.0.4-1.el4s1.25.noarch as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
          "product_id": "4ES-RHWAS:jbossas-0:4.0.4-1.el4s1.25.noarch"
        },
        "product_reference": "jbossas-0:4.0.4-1.el4s1.25.noarch",
        "relates_to_product_reference": "4ES-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-0:4.0.4-1.el4s1.25.src as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
          "product_id": "4ES-RHWAS:jbossas-0:4.0.4-1.el4s1.25.src"
        },
        "product_reference": "jbossas-0:4.0.4-1.el4s1.25.src",
        "relates_to_product_reference": "4ES-RHWAS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2006-5750",
      "discovery_date": "2006-11-13T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1618224"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Directory traversal vulnerability in the DeploymentFileRepository class in JBoss Application Server (jbossas) 3.2.4 through 4.0.5 allows remote authenticated users to read or modify arbitrary files, and possibly execute arbitrary code, via unspecified vectors related to the console manager.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHWAS:jbossas-0:4.0.4-1.el4s1.25.noarch",
          "4AS-RHWAS:jbossas-0:4.0.4-1.el4s1.25.src",
          "4ES-RHWAS:jbossas-0:4.0.4-1.el4s1.25.noarch",
          "4ES-RHWAS:jbossas-0:4.0.4-1.el4s1.25.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2006-5750"
        },
        {
          "category": "external",
          "summary": "RHBZ#1618224",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618224"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2006-5750",
          "url": "https://www.cve.org/CVERecord?id=CVE-2006-5750"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-5750",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-5750"
        }
      ],
      "release_date": "2006-11-27T14:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2006-11-27T15:42:00+00:00",
          "details": "Before applying this update, make sure that the jbossas service is not\nrunning and all previously released errata relevant to your system have\nbeen applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains\nthe desired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "4AS-RHWAS:jbossas-0:4.0.4-1.el4s1.25.noarch",
            "4AS-RHWAS:jbossas-0:4.0.4-1.el4s1.25.src",
            "4ES-RHWAS:jbossas-0:4.0.4-1.el4s1.25.noarch",
            "4ES-RHWAS:jbossas-0:4.0.4-1.el4s1.25.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2006:0743"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "security flaw"
    }
  ]
}

RHSA-2006:0743

Vulnerability from csaf_redhat

Published

2006-11-27 15:42

Modified

2025-10-09 12:57

Summary

Red Hat Security Advisory: jbossas security update

Notes

Topic

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An updated jbossas package that corrects a security vulnerability is now\navailable for Red Hat Application Stack.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "JBoss Application Server is a J2EE certified platform for developing and\ndeploying enterprise Java applications, Web applications, and Portals.\n\nSymantec discovered a flaw in the DeploymentFileRepository class of the\nJBoss Application Server. A remote attacker who is able to access the\nconsole manager could read or write to files with the permissions of the\nJBoss user. This could potentially lead to arbitrary code execution as the\njboss user. (CVE-2006-5750)\n\nFor the Red Hat Application Stack, the jbossas service is not enabled by\ndefault. Once the jbossas service is enabled, the console manager will\nbecome accessible on port 8080. Although port 8080 will be blocked from\noutside access by the default Red Hat Enterprise Linux firewall rules,\nusers should ensure that the console is not available publicly and is\nadequately protected by authentication as explained in the JBoss\ndocumentation. A correct configuration of the JBoss Application Server\nwould mitigate this vulnerability to only being exploitable by users who\nhave authorization to use the console manager.\n\nAll users of Red Hat Application Stack are advised to upgrade to these\nupdated packages, which resolve the directory traversal issue with a\nbackported patch.\n\nThese updated packages also contain a change to the default jbossas\nconfiguration file.  For users installing Red Hat Application Stack for the\nfirst time, all JBoss Application Server network services, including the\nmanagement consoles, will be restricted by default to localhost.  No change\nis made for users upgrading previously installed jbossas packages.  \n\nUsers who already have Red Hat Application Stack installed should check to\nmake sure that they have correctly followed the security guidelines and\nthat the management consoles are not accessible to unauthorized users.  \n\nRed Hat would like to thank Symantec for reporting this issue.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2006:0743",
        "url": "https://access.redhat.com/errata/RHSA-2006:0743"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#critical",
        "url": "https://access.redhat.com/security/updates/classification/#critical"
      },
      {
        "category": "external",
        "summary": "http://kbase.redhat.com/faq/FAQ_107_9629.shtm",
        "url": "http://kbase.redhat.com/faq/FAQ_107_9629.shtm"
      },
      {
        "category": "external",
        "summary": "215828",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=215828"
      },
      {
        "category": "external",
        "summary": "216177",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=216177"
      },
      {
        "category": "external",
        "summary": "216786",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=216786"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2006/rhsa-2006_0743.json"
      }
    ],
    "title": "Red Hat Security Advisory: jbossas security update",
    "tracking": {
      "current_release_date": "2025-10-09T12:57:25+00:00",
      "generator": {
        "date": "2025-10-09T12:57:25+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.9"
        }
      },
      "id": "RHSA-2006:0743",
      "initial_release_date": "2006-11-27T15:42:00+00:00",
      "revision_history": [
        {
          "date": "2006-11-27T15:42:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2006-11-27T10:42:57+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-10-09T12:57:25+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
                "product": {
                  "name": "Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
                  "product_id": "4AS-RHWAS",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_application_stack:1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
                "product": {
                  "name": "Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
                  "product_id": "4ES-RHWAS",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_application_stack:1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Application Stack"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "jbossas-0:4.0.4-1.el4s1.25.src",
                "product": {
                  "name": "jbossas-0:4.0.4-1.el4s1.25.src",
                  "product_id": "jbossas-0:4.0.4-1.el4s1.25.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossas@4.0.4-1.el4s1.25?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "jbossas-0:4.0.4-1.el4s1.25.noarch",
                "product": {
                  "name": "jbossas-0:4.0.4-1.el4s1.25.noarch",
                  "product_id": "jbossas-0:4.0.4-1.el4s1.25.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossas@4.0.4-1.el4s1.25?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-0:4.0.4-1.el4s1.25.noarch as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
          "product_id": "4AS-RHWAS:jbossas-0:4.0.4-1.el4s1.25.noarch"
        },
        "product_reference": "jbossas-0:4.0.4-1.el4s1.25.noarch",
        "relates_to_product_reference": "4AS-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-0:4.0.4-1.el4s1.25.src as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
          "product_id": "4AS-RHWAS:jbossas-0:4.0.4-1.el4s1.25.src"
        },
        "product_reference": "jbossas-0:4.0.4-1.el4s1.25.src",
        "relates_to_product_reference": "4AS-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-0:4.0.4-1.el4s1.25.noarch as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
          "product_id": "4ES-RHWAS:jbossas-0:4.0.4-1.el4s1.25.noarch"
        },
        "product_reference": "jbossas-0:4.0.4-1.el4s1.25.noarch",
        "relates_to_product_reference": "4ES-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-0:4.0.4-1.el4s1.25.src as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
          "product_id": "4ES-RHWAS:jbossas-0:4.0.4-1.el4s1.25.src"
        },
        "product_reference": "jbossas-0:4.0.4-1.el4s1.25.src",
        "relates_to_product_reference": "4ES-RHWAS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2006-5750",
      "discovery_date": "2006-11-13T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1618224"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Directory traversal vulnerability in the DeploymentFileRepository class in JBoss Application Server (jbossas) 3.2.4 through 4.0.5 allows remote authenticated users to read or modify arbitrary files, and possibly execute arbitrary code, via unspecified vectors related to the console manager.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHWAS:jbossas-0:4.0.4-1.el4s1.25.noarch",
          "4AS-RHWAS:jbossas-0:4.0.4-1.el4s1.25.src",
          "4ES-RHWAS:jbossas-0:4.0.4-1.el4s1.25.noarch",
          "4ES-RHWAS:jbossas-0:4.0.4-1.el4s1.25.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2006-5750"
        },
        {
          "category": "external",
          "summary": "RHBZ#1618224",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618224"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2006-5750",
          "url": "https://www.cve.org/CVERecord?id=CVE-2006-5750"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-5750",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-5750"
        }
      ],
      "release_date": "2006-11-27T14:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2006-11-27T15:42:00+00:00",
          "details": "Before applying this update, make sure that the jbossas service is not\nrunning and all previously released errata relevant to your system have\nbeen applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains\nthe desired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "4AS-RHWAS:jbossas-0:4.0.4-1.el4s1.25.noarch",
            "4AS-RHWAS:jbossas-0:4.0.4-1.el4s1.25.src",
            "4ES-RHWAS:jbossas-0:4.0.4-1.el4s1.25.noarch",
            "4ES-RHWAS:jbossas-0:4.0.4-1.el4s1.25.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2006:0743"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "security flaw"
    }
  ]
}

ghsa-w88w-qrrp-j36h

Vulnerability from github

Published

2022-05-01 07:31

Modified

2022-05-01 07:31

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2006-5750"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2006-11-27T20:07:00Z",
    "severity": "HIGH"
  },
  "details": "Directory traversal vulnerability in the DeploymentFileRepository class in JBoss Application Server (jbossas) 3.2.4 through 4.0.5 allows remote authenticated users to read or modify arbitrary files, and possibly execute arbitrary code, via unspecified vectors related to the console manager.",
  "id": "GHSA-w88w-qrrp-j36h",
  "modified": "2022-05-01T07:31:25Z",
  "published": "2022-05-01T07:31:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-5750"
    },
    {
      "type": "WEB",
      "url": "https://secure-support.novell.com/KanisaPlatform/Publishing/719/3024921_f.SAL_Public.html"
    },
    {
      "type": "WEB",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402"
    },
    {
      "type": "WEB",
      "url": "http://jira.jboss.com/jira/browse/ASPATCH-126"
    },
    {
      "type": "WEB",
      "url": "http://jira.jboss.com/jira/browse/JBAS-3861"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/23095"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/23984"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/24104"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/29726"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1017289"
    },
    {
      "type": "WEB",
      "url": "http://www.novell.com/linux/security/advisories/2007_02_sr.html"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/30767"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0743.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/452830/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/452862/100/100/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/21219"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/4724"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/4726"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/0554"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/1155/references"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

fkie_cve-2006-5750

Vulnerability from fkie_nvd

Published

2006-11-27 20:07

Modified

2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402
secalert@redhat.com	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402
secalert@redhat.com	http://jira.jboss.com/jira/browse/ASPATCH-126
secalert@redhat.com	http://jira.jboss.com/jira/browse/JBAS-3861
secalert@redhat.com	http://secunia.com/advisories/23095
secalert@redhat.com	http://secunia.com/advisories/23984
secalert@redhat.com	http://secunia.com/advisories/24104
secalert@redhat.com	http://secunia.com/advisories/29726
secalert@redhat.com	http://securitytracker.com/id?1017289
secalert@redhat.com	http://www.novell.com/linux/security/advisories/2007_02_sr.html
secalert@redhat.com	http://www.osvdb.org/30767
secalert@redhat.com	http://www.redhat.com/support/errata/RHSA-2006-0743.html	Patch
secalert@redhat.com	http://www.securityfocus.com/archive/1/452830/100/0/threaded
secalert@redhat.com	http://www.securityfocus.com/archive/1/452862/100/100/threaded
secalert@redhat.com	http://www.securityfocus.com/bid/21219	Patch
secalert@redhat.com	http://www.vupen.com/english/advisories/2006/4724
secalert@redhat.com	http://www.vupen.com/english/advisories/2006/4726
secalert@redhat.com	http://www.vupen.com/english/advisories/2007/0554
secalert@redhat.com	http://www.vupen.com/english/advisories/2008/1155/references
secalert@redhat.com	https://secure-support.novell.com/KanisaPlatform/Publishing/719/3024921_f.SAL_Public.html
af854a3a-2127-422b-91ae-364da2661108	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402
af854a3a-2127-422b-91ae-364da2661108	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402
af854a3a-2127-422b-91ae-364da2661108	http://jira.jboss.com/jira/browse/ASPATCH-126
af854a3a-2127-422b-91ae-364da2661108	http://jira.jboss.com/jira/browse/JBAS-3861
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/23095
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/23984
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/24104
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29726
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1017289
af854a3a-2127-422b-91ae-364da2661108	http://www.novell.com/linux/security/advisories/2007_02_sr.html
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/30767
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2006-0743.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/452830/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/452862/100/100/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/21219	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/4724
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/4726
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/0554
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/1155/references
af854a3a-2127-422b-91ae-364da2661108	https://secure-support.novell.com/KanisaPlatform/Publishing/719/3024921_f.SAL_Public.html

Impacted products

Vendor	Product	Version
jboss	jboss_application_server	3.2.5_final
jboss	jboss_application_server	3.2.6_final
jboss	jboss_application_server	3.2.7_final
jboss	jboss_application_server	3.2.8.sp1
jboss	jboss_application_server	3.2.8_final
jboss	jboss_application_server	4.0.0_final
jboss	jboss_application_server	4.0.1_final
jboss	jboss_application_server	4.0.1_sp1
jboss	jboss_application_server	4.0.2_final
jboss	jboss_application_server	4.0.3_final
jboss	jboss_application_server	4.0.4.ga
jboss	jboss_application_server	4.0.5.ga

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:jboss:jboss_application_server:3.2.5_final:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BA0BFE2-246F-4F9D-9698-23B7A453C627",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jboss:jboss_application_server:3.2.6_final:*:*:*:*:*:*:*",
              "matchCriteriaId": "5415149C-6EF9-4B94-ABDA-3F52B9A871E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jboss:jboss_application_server:3.2.7_final:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A5BA730-1650-4CD6-8033-AE7B90F2242F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jboss:jboss_application_server:3.2.8.sp1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A496B6B5-C331-4354-9538-51704BC172A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jboss:jboss_application_server:3.2.8_final:*:*:*:*:*:*:*",
              "matchCriteriaId": "42EC3FC8-D370-4EA3-8FC5-CB8671A669B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jboss:jboss_application_server:4.0.0_final:*:*:*:*:*:*:*",
              "matchCriteriaId": "C467186E-74BB-4CC6-A4AA-144DA3A2B0C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jboss:jboss_application_server:4.0.1_final:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D678E52-DEE5-4A77-9504-5E62F9A6E61A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jboss:jboss_application_server:4.0.1_sp1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EC7B567-CACB-4F07-BE1D-E7420060C4E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jboss:jboss_application_server:4.0.2_final:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C763991-3D3C-40A9-ADA1-1BCD70491224",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jboss:jboss_application_server:4.0.3_final:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D381E62-7EBD-4F40-92B4-C967C82BBEBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jboss:jboss_application_server:4.0.4.ga:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0F232BE-9181-4B28-B9ED-C947BCB754DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jboss:jboss_application_server:4.0.5.ga:*:*:*:*:*:*:*",
              "matchCriteriaId": "2559DFD5-A230-467E-A720-7AE7FA9309CD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Directory traversal vulnerability in the DeploymentFileRepository class in JBoss Application Server (jbossas) 3.2.4 through 4.0.5 allows remote authenticated users to read or modify arbitrary files, and possibly execute arbitrary code, via unspecified vectors related to the console manager."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de salto de directorio en la clase JBoss Application Server (jbossas) 3.2.4 hasta 4.0.5 permite a usuarios remotos validados leer o modificar archivos y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n, a trav\u00e9s de vectores no especificados en el administrador de consola."
    }
  ],
  "id": "CVE-2006-5750",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-11-27T20:07:00.000",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://jira.jboss.com/jira/browse/ASPATCH-126"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://jira.jboss.com/jira/browse/JBAS-3861"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/23095"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/23984"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/24104"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/29726"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://securitytracker.com/id?1017289"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.novell.com/linux/security/advisories/2007_02_sr.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.osvdb.org/30767"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0743.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/452830/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/452862/100/100/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/21219"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2006/4724"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2006/4726"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2007/0554"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2008/1155/references"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://secure-support.novell.com/KanisaPlatform/Publishing/719/3024921_f.SAL_Public.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://jira.jboss.com/jira/browse/ASPATCH-126"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://jira.jboss.com/jira/browse/JBAS-3861"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/23095"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/23984"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/24104"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/29726"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1017289"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2007_02_sr.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/30767"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0743.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/452830/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/452862/100/100/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/21219"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/4724"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/4726"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/0554"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/1155/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://secure-support.novell.com/KanisaPlatform/Publishing/719/3024921_f.SAL_Public.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

gsd-2006-5750

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Aliases

CVE-2006-5750

Aliases

CVE-2006-5750

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2006-5750",
    "description": "Directory traversal vulnerability in the DeploymentFileRepository class in JBoss Application Server (jbossas) 3.2.4 through 4.0.5 allows remote authenticated users to read or modify arbitrary files, and possibly execute arbitrary code, via unspecified vectors related to the console manager.",
    "id": "GSD-2006-5750",
    "references": [
      "https://www.suse.com/security/cve/CVE-2006-5750.html",
      "https://access.redhat.com/errata/RHSA-2006:0743",
      "https://packetstormsecurity.com/files/cve/CVE-2006-5750"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2006-5750"
      ],
      "details": "Directory traversal vulnerability in the DeploymentFileRepository class in JBoss Application Server (jbossas) 3.2.4 through 4.0.5 allows remote authenticated users to read or modify arbitrary files, and possibly execute arbitrary code, via unspecified vectors related to the console manager.",
      "id": "GSD-2006-5750",
      "modified": "2023-12-13T01:19:56.768403Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2006-5750",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Directory traversal vulnerability in the DeploymentFileRepository class in JBoss Application Server (jbossas) 3.2.4 through 4.0.5 allows remote authenticated users to read or modify arbitrary files, and possibly execute arbitrary code, via unspecified vectors related to the console manager."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402",
            "refsource": "MISC",
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402"
          },
          {
            "name": "http://jira.jboss.com/jira/browse/ASPATCH-126",
            "refsource": "MISC",
            "url": "http://jira.jboss.com/jira/browse/ASPATCH-126"
          },
          {
            "name": "http://jira.jboss.com/jira/browse/JBAS-3861",
            "refsource": "MISC",
            "url": "http://jira.jboss.com/jira/browse/JBAS-3861"
          },
          {
            "name": "http://secunia.com/advisories/23095",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/23095"
          },
          {
            "name": "http://secunia.com/advisories/23984",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/23984"
          },
          {
            "name": "http://secunia.com/advisories/24104",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/24104"
          },
          {
            "name": "http://secunia.com/advisories/29726",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/29726"
          },
          {
            "name": "http://securitytracker.com/id?1017289",
            "refsource": "MISC",
            "url": "http://securitytracker.com/id?1017289"
          },
          {
            "name": "http://www.novell.com/linux/security/advisories/2007_02_sr.html",
            "refsource": "MISC",
            "url": "http://www.novell.com/linux/security/advisories/2007_02_sr.html"
          },
          {
            "name": "http://www.osvdb.org/30767",
            "refsource": "MISC",
            "url": "http://www.osvdb.org/30767"
          },
          {
            "name": "http://www.redhat.com/support/errata/RHSA-2006-0743.html",
            "refsource": "MISC",
            "url": "http://www.redhat.com/support/errata/RHSA-2006-0743.html"
          },
          {
            "name": "http://www.securityfocus.com/archive/1/452830/100/0/threaded",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/archive/1/452830/100/0/threaded"
          },
          {
            "name": "http://www.securityfocus.com/archive/1/452862/100/100/threaded",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/archive/1/452862/100/100/threaded"
          },
          {
            "name": "http://www.securityfocus.com/bid/21219",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/bid/21219"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2006/4724",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2006/4724"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2006/4726",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2006/4726"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2007/0554",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2007/0554"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2008/1155/references",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2008/1155/references"
          },
          {
            "name": "https://secure-support.novell.com/KanisaPlatform/Publishing/719/3024921_f.SAL_Public.html",
            "refsource": "MISC",
            "url": "https://secure-support.novell.com/KanisaPlatform/Publishing/719/3024921_f.SAL_Public.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:jboss:jboss_application_server:4.0.0_final:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jboss:jboss_application_server:4.0.1_final:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jboss:jboss_application_server:4.0.1_sp1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jboss:jboss_application_server:4.0.2_final:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jboss:jboss_application_server:3.2.5_final:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jboss:jboss_application_server:3.2.6_final:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jboss:jboss_application_server:3.2.7_final:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jboss:jboss_application_server:4.0.3_final:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jboss:jboss_application_server:4.0.4.ga:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jboss:jboss_application_server:3.2.8.sp1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jboss:jboss_application_server:3.2.8_final:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jboss:jboss_application_server:4.0.5.ga:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2006-5750"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in the DeploymentFileRepository class in JBoss Application Server (jbossas) 3.2.4 through 4.0.5 allows remote authenticated users to read or modify arbitrary files, and possibly execute arbitrary code, via unspecified vectors related to the console manager."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2006:0743",
              "refsource": "REDHAT",
              "tags": [
                "Patch"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2006-0743.html"
            },
            {
              "name": "http://jira.jboss.com/jira/browse/ASPATCH-126",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://jira.jboss.com/jira/browse/ASPATCH-126"
            },
            {
              "name": "23095",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/23095"
            },
            {
              "name": "http://jira.jboss.com/jira/browse/JBAS-3861",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://jira.jboss.com/jira/browse/JBAS-3861"
            },
            {
              "name": "21219",
              "refsource": "BID",
              "tags": [
                "Patch"
              ],
              "url": "http://www.securityfocus.com/bid/21219"
            },
            {
              "name": "1017289",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1017289"
            },
            {
              "name": "30767",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/30767"
            },
            {
              "name": "https://secure-support.novell.com/KanisaPlatform/Publishing/719/3024921_f.SAL_Public.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://secure-support.novell.com/KanisaPlatform/Publishing/719/3024921_f.SAL_Public.html"
            },
            {
              "name": "SUSE-SR:2007:002",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://www.novell.com/linux/security/advisories/2007_02_sr.html"
            },
            {
              "name": "23984",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/23984"
            },
            {
              "name": "24104",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/24104"
            },
            {
              "name": "29726",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/29726"
            },
            {
              "name": "ADV-2006-4726",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2006/4726"
            },
            {
              "name": "ADV-2008-1155",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/1155/references"
            },
            {
              "name": "ADV-2006-4724",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2006/4724"
            },
            {
              "name": "SSRT080018",
              "refsource": "HP",
              "tags": [],
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402"
            },
            {
              "name": "ADV-2007-0554",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/0554"
            },
            {
              "name": "20061128 Re: SYMSA-2006-011: JBoss Java Class DeploymentFileRepository Directory Traversal",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/452862/100/100/threaded"
            },
            {
              "name": "20061127 SYMSA-2006-011: JBoss Java Class DeploymentFileRepository Directory Traversal",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/452830/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": true,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-17T21:44Z",
      "publishedDate": "2006-11-27T20:07Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2006-5750 (GCVE-0-2006-5750)

Vulnerability from cvelistv5

rhsa-2006:0743

Vulnerability from csaf_redhat

rhsa-2006_0743

Vulnerability from csaf_redhat

RHSA-2006:0743

Vulnerability from csaf_redhat

ghsa-w88w-qrrp-j36h

Vulnerability from github

fkie_cve-2006-5750

Vulnerability from fkie_nvd

gsd-2006-5750

Vulnerability from gsd

Tags

Sightings

Nomenclature