CVE-2006-5750

Sažetak

Directory traversal vulnerability in the DeploymentFileRepository class in JBoss Application Server (jbossas) 3.2.4 through 4.0.5 allows remote authenticated users to read or modify arbitrary files, and possibly execute arbitrary code, via unspecified vectors related to the console manager.

Reference

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402
http://jira.jboss.com/jira/browse/ASPATCH-126
http://jira.jboss.com/jira/browse/JBAS-3861
http://secunia.com/advisories/23095
http://secunia.com/advisories/23984
http://secunia.com/advisories/24104
http://secunia.com/advisories/29726
http://securitytracker.com/id?1017289
http://www.novell.com/linux/security/advisories/2007_02_sr.html
http://www.osvdb.org/30767
http://www.redhat.com/support/errata/RHSA-2006-0743.html
http://www.securityfocus.com/archive/1/452830/100/0/threaded
http://www.securityfocus.com/archive/1/452862/100/100/threaded
http://www.securityfocus.com/bid/21219
http://www.vupen.com/english/advisories/2006/4724
http://www.vupen.com/english/advisories/2006/4726
http://www.vupen.com/english/advisories/2007/0554
http://www.vupen.com/english/advisories/2008/1155/references
https://secure-support.novell.com/KanisaPlatform/Publishing/719/3024921_f.SAL_Public.html

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

17-10-2018 - 21:44

Objavljeno

27-11-2006 - 20:07