7.5

CVE-2006-5750

Directory traversal vulnerability in the DeploymentFileRepository class in JBoss Application Server (jbossas) 3.2.4 through 4.0.5 allows remote authenticated users to read or modify arbitrary files, and possibly execute arbitrary code, via unspecified vectors related to the console manager.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
JbossJboss Application Server Version3.2.5_final
JbossJboss Application Server Version3.2.6_final
JbossJboss Application Server Version3.2.7_final
JbossJboss Application Server Version3.2.8.sp1
JbossJboss Application Server Version3.2.8_final
JbossJboss Application Server Version4.0.0_final
JbossJboss Application Server Version4.0.1_final
JbossJboss Application Server Version4.0.1_sp1
JbossJboss Application Server Version4.0.2_final
JbossJboss Application Server Version4.0.3_final
JbossJboss Application Server Version4.0.4.ga
JbossJboss Application Server Version4.0.5.ga
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 13.51% 0.96
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402
http://jira.jboss.com/jira/browse/ASPATCH-126
http://jira.jboss.com/jira/browse/JBAS-3861
http://secunia.com/advisories/23095
http://secunia.com/advisories/23984
http://secunia.com/advisories/24104
http://secunia.com/advisories/29726
http://securitytracker.com/id?1017289
http://www.novell.com/linux/security/advisories/2007_02_sr.html
http://www.osvdb.org/30767
http://www.redhat.com/support/errata/RHSA-2006-0743.html
Patch
http://www.securityfocus.com/archive/1/452830/100/0/threaded
http://www.securityfocus.com/archive/1/452862/100/100/threaded
http://www.securityfocus.com/bid/21219
Patch
http://www.vupen.com/english/advisories/2006/4724
http://www.vupen.com/english/advisories/2006/4726
http://www.vupen.com/english/advisories/2007/0554
http://www.vupen.com/english/advisories/2008/1155/references
https://secure-support.novell.com/KanisaPlatform/Publishing/719/3024921_f.SAL_Public.html