CVE-2008-5518 Information
Description
Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet); the (5) createDB parameter to console/portal/Embedded DB/DB Manager (aka the Embedded DB/DB Manager portlet); or the (6) filename parameter to the createKeystore script in the Security/Keystores portlet.
Reference
http://dsecrg.com/pages/vul/show.php?id=118
http://geronimo.apache.org/21x-security-report.html2.1.xSecurityReport-214
http://issues.apache.org/jira/browse/GERONIMO-4597
http://secunia.com/advisories/34715
http://www.securityfocus.com/archive/1/502733/100/0/threaded
http://www.securityfocus.com/bid/34562
http://www.vupen.com/english/advisories/2009/1089
https://exchange.xforce.ibmcloud.com/vulnerabilities/49898
https://exchange.xforce.ibmcloud.com/vulnerabilities/49899
https://exchange.xforce.ibmcloud.com/vulnerabilities/49900
https://www.exploit-db.com/exploits/8458