cvelistv5 - cve-2006-5750

CVE-2006-5750 (GCVE-0-2006-5750)

Vulnerability from cvelistv5 – Published: 2006-11-27 20:00 – Updated: 2024-08-07 20:04

Summary

Directory traversal vulnerability in the DeploymentFileRepository class in JBoss Application Server (jbossas) 3.2.4 through 4.0.5 allows remote authenticated users to read or modify arbitrary files, and possibly execute arbitrary code, via unspecified vectors related to the console manager.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	http://secunia.com/advisories/23984	third-party-advisoryx_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2008/1155…	vdb-entryx_refsource_VUPEN
	http://h20000.www2.hp.com/bizsupport/TechSupport/…	vendor-advisoryx_refsource_HP
	http://www.redhat.com/support/errata/RHSA-2006-07…	vendor-advisoryx_refsource_REDHAT
	http://www.osvdb.org/30767	vdb-entryx_refsource_OSVDB
	http://www.securityfocus.com/bid/21219	vdb-entryx_refsource_BID
	http://www.vupen.com/english/advisories/2006/4724	vdb-entryx_refsource_VUPEN
	http://secunia.com/advisories/23095	third-party-advisoryx_refsource_SECUNIA
	http://h20000.www2.hp.com/bizsupport/TechSupport/…	vendor-advisoryx_refsource_HP
	http://secunia.com/advisories/29726	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/archive/1/452862/100…	mailing-listx_refsource_BUGTRAQ
	http://jira.jboss.com/jira/browse/ASPATCH-126	x_refsource_CONFIRM
	https://secure-support.novell.com/KanisaPlatform/…	x_refsource_CONFIRM
	http://securitytracker.com/id?1017289	vdb-entryx_refsource_SECTRACK
	http://www.novell.com/linux/security/advisories/2…	vendor-advisoryx_refsource_SUSE
	http://www.vupen.com/english/advisories/2007/0554	vdb-entryx_refsource_VUPEN
	http://www.vupen.com/english/advisories/2006/4726	vdb-entryx_refsource_VUPEN
	http://secunia.com/advisories/24104	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/archive/1/452830/100…	mailing-listx_refsource_BUGTRAQ
	http://jira.jboss.com/jira/browse/JBAS-3861	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T20:04:54.589Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "23984",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23984"
          },
          {
            "name": "ADV-2008-1155",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1155/references"
          },
          {
            "name": "SSRT080018",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402"
          },
          {
            "name": "RHSA-2006:0743",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2006-0743.html"
          },
          {
            "name": "30767",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/30767"
          },
          {
            "name": "21219",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/21219"
          },
          {
            "name": "ADV-2006-4724",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/4724"
          },
          {
            "name": "23095",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23095"
          },
          {
            "name": "HPSBST02318",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402"
          },
          {
            "name": "29726",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29726"
          },
          {
            "name": "20061128 Re: SYMSA-2006-011: JBoss Java Class DeploymentFileRepository Directory Traversal",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/452862/100/100/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://jira.jboss.com/jira/browse/ASPATCH-126"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://secure-support.novell.com/KanisaPlatform/Publishing/719/3024921_f.SAL_Public.html"
          },
          {
            "name": "1017289",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1017289"
          },
          {
            "name": "SUSE-SR:2007:002",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2007_02_sr.html"
          },
          {
            "name": "ADV-2007-0554",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/0554"
          },
          {
            "name": "ADV-2006-4726",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/4726"
          },
          {
            "name": "24104",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24104"
          },
          {
            "name": "20061127 SYMSA-2006-011: JBoss Java Class DeploymentFileRepository Directory Traversal",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/452830/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://jira.jboss.com/jira/browse/JBAS-3861"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-11-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in the DeploymentFileRepository class in JBoss Application Server (jbossas) 3.2.4 through 4.0.5 allows remote authenticated users to read or modify arbitrary files, and possibly execute arbitrary code, via unspecified vectors related to the console manager."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-17T20:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "23984",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23984"
        },
        {
          "name": "ADV-2008-1155",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1155/references"
        },
        {
          "name": "SSRT080018",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402"
        },
        {
          "name": "RHSA-2006:0743",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2006-0743.html"
        },
        {
          "name": "30767",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/30767"
        },
        {
          "name": "21219",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/21219"
        },
        {
          "name": "ADV-2006-4724",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/4724"
        },
        {
          "name": "23095",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23095"
        },
        {
          "name": "HPSBST02318",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402"
        },
        {
          "name": "29726",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29726"
        },
        {
          "name": "20061128 Re: SYMSA-2006-011: JBoss Java Class DeploymentFileRepository Directory Traversal",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/452862/100/100/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://jira.jboss.com/jira/browse/ASPATCH-126"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://secure-support.novell.com/KanisaPlatform/Publishing/719/3024921_f.SAL_Public.html"
        },
        {
          "name": "1017289",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1017289"
        },
        {
          "name": "SUSE-SR:2007:002",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2007_02_sr.html"
        },
        {
          "name": "ADV-2007-0554",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/0554"
        },
        {
          "name": "ADV-2006-4726",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/4726"
        },
        {
          "name": "24104",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24104"
        },
        {
          "name": "20061127 SYMSA-2006-011: JBoss Java Class DeploymentFileRepository Directory Traversal",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/452830/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://jira.jboss.com/jira/browse/JBAS-3861"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2006-5750",
    "datePublished": "2006-11-27T20:00:00",
    "dateReserved": "2006-11-06T00:00:00",
    "dateUpdated": "2024-08-07T20:04:54.589Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jboss:jboss_application_server:3.2.5_final:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9BA0BFE2-246F-4F9D-9698-23B7A453C627\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jboss:jboss_application_server:3.2.6_final:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5415149C-6EF9-4B94-ABDA-3F52B9A871E6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jboss:jboss_application_server:3.2.7_final:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0A5BA730-1650-4CD6-8033-AE7B90F2242F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jboss:jboss_application_server:3.2.8.sp1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A496B6B5-C331-4354-9538-51704BC172A8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jboss:jboss_application_server:3.2.8_final:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"42EC3FC8-D370-4EA3-8FC5-CB8671A669B4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jboss:jboss_application_server:4.0.0_final:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C467186E-74BB-4CC6-A4AA-144DA3A2B0C3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jboss:jboss_application_server:4.0.1_final:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9D678E52-DEE5-4A77-9504-5E62F9A6E61A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jboss:jboss_application_server:4.0.1_sp1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5EC7B567-CACB-4F07-BE1D-E7420060C4E9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jboss:jboss_application_server:4.0.2_final:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8C763991-3D3C-40A9-ADA1-1BCD70491224\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jboss:jboss_application_server:4.0.3_final:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3D381E62-7EBD-4F40-92B4-C967C82BBEBD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jboss:jboss_application_server:4.0.4.ga:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B0F232BE-9181-4B28-B9ED-C947BCB754DE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jboss:jboss_application_server:4.0.5.ga:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2559DFD5-A230-467E-A720-7AE7FA9309CD\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Directory traversal vulnerability in the DeploymentFileRepository class in JBoss Application Server (jbossas) 3.2.4 through 4.0.5 allows remote authenticated users to read or modify arbitrary files, and possibly execute arbitrary code, via unspecified vectors related to the console manager.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de salto de directorio en la clase JBoss Application Server (jbossas) 3.2.4 hasta 4.0.5 permite a usuarios remotos validados leer o modificar archivos y posiblemente ejecutar c\\u00f3digo de su elecci\\u00f3n, a trav\\u00e9s de vectores no especificados en el administrador de consola.\"}]",
      "id": "CVE-2006-5750",
      "lastModified": "2024-11-21T00:20:24.120",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": true, \"userInteractionRequired\": false}]}",
      "published": "2006-11-27T20:07:00.000",
      "references": "[{\"url\": \"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://jira.jboss.com/jira/browse/ASPATCH-126\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://jira.jboss.com/jira/browse/JBAS-3861\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/23095\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/23984\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/24104\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/29726\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://securitytracker.com/id?1017289\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.novell.com/linux/security/advisories/2007_02_sr.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.osvdb.org/30767\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2006-0743.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/452830/100/0/threaded\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.securityfocus.com/archive/1/452862/100/100/threaded\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.securityfocus.com/bid/21219\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2006/4724\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.vupen.com/english/advisories/2006/4726\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/0554\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/1155/references\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://secure-support.novell.com/KanisaPlatform/Publishing/719/3024921_f.SAL_Public.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://jira.jboss.com/jira/browse/ASPATCH-126\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://jira.jboss.com/jira/browse/JBAS-3861\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/23095\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/23984\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/24104\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/29726\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securitytracker.com/id?1017289\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.novell.com/linux/security/advisories/2007_02_sr.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.osvdb.org/30767\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2006-0743.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/452830/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/452862/100/100/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/21219\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2006/4724\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2006/4726\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/0554\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/1155/references\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://secure-support.novell.com/KanisaPlatform/Publishing/719/3024921_f.SAL_Public.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "secalert@redhat.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2006-5750\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2006-11-27T20:07:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Directory traversal vulnerability in the DeploymentFileRepository class in JBoss Application Server (jbossas) 3.2.4 through 4.0.5 allows remote authenticated users to read or modify arbitrary files, and possibly execute arbitrary code, via unspecified vectors related to the console manager.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de salto de directorio en la clase JBoss Application Server (jbossas) 3.2.4 hasta 4.0.5 permite a usuarios remotos validados leer o modificar archivos y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n, a trav\u00e9s de vectores no especificados en el administrador de consola.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":true,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jboss:jboss_application_server:3.2.5_final:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BA0BFE2-246F-4F9D-9698-23B7A453C627\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jboss:jboss_application_server:3.2.6_final:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5415149C-6EF9-4B94-ABDA-3F52B9A871E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jboss:jboss_application_server:3.2.7_final:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A5BA730-1650-4CD6-8033-AE7B90F2242F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jboss:jboss_application_server:3.2.8.sp1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A496B6B5-C331-4354-9538-51704BC172A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jboss:jboss_application_server:3.2.8_final:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"42EC3FC8-D370-4EA3-8FC5-CB8671A669B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jboss:jboss_application_server:4.0.0_final:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C467186E-74BB-4CC6-A4AA-144DA3A2B0C3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jboss:jboss_application_server:4.0.1_final:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9D678E52-DEE5-4A77-9504-5E62F9A6E61A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jboss:jboss_application_server:4.0.1_sp1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5EC7B567-CACB-4F07-BE1D-E7420060C4E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jboss:jboss_application_server:4.0.2_final:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C763991-3D3C-40A9-ADA1-1BCD70491224\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jboss:jboss_application_server:4.0.3_final:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3D381E62-7EBD-4F40-92B4-C967C82BBEBD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jboss:jboss_application_server:4.0.4.ga:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B0F232BE-9181-4B28-B9ED-C947BCB754DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jboss:jboss_application_server:4.0.5.ga:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2559DFD5-A230-467E-A720-7AE7FA9309CD\"}]}]}],\"references\":[{\"url\":\"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://jira.jboss.com/jira/browse/ASPATCH-126\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://jira.jboss.com/jira/browse/JBAS-3861\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/23095\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/23984\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/24104\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/29726\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://securitytracker.com/id?1017289\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.novell.com/linux/security/advisories/2007_02_sr.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.osvdb.org/30767\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2006-0743.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securityfocus.com/archive/1/452830/100/0/threaded\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/452862/100/100/threaded\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/21219\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/4724\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/4726\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/0554\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/1155/references\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://secure-support.novell.com/KanisaPlatform/Publishing/719/3024921_f.SAL_Public.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://jira.jboss.com/jira/browse/ASPATCH-126\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://jira.jboss.com/jira/browse/JBAS-3861\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/23095\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/23984\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/24104\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/29726\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1017289\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.novell.com/linux/security/advisories/2007_02_sr.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.osvdb.org/30767\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2006-0743.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securityfocus.com/archive/1/452830/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/452862/100/100/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/21219\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/4724\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/4726\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/0554\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/1155/references\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://secure-support.novell.com/KanisaPlatform/Publishing/719/3024921_f.SAL_Public.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTA-2008-AVI-202

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité dans HP Storage Essentials permet de contourner la politique de sécurité.

Description

Une vulnérabilité dans le composant JBoss des applications utilisant HP Storage Essentials permet à un individu malintentionné de contourner à distance la politique de sécurité associées aux données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

HP Storage Essentials Software versions 5.1.0 et 6.0.0.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité HP c01390402 du 08 avril 2008

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eHP Storage Essentials Software versions  5.1.0 et 6.0.0.\u003c/p\u003e",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 dans le composant JBoss des applications utilisant HP\nStorage Essentials permet \u00e0 un individu malintentionn\u00e9 de contourner \u00e0\ndistance la politique de s\u00e9curit\u00e9 associ\u00e9es aux donn\u00e9es.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2006-5750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-5750"
    }
  ],
  "links": [],
  "reference": "CERTA-2008-AVI-202",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-04-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans HP Storage Essentials permet de contourner la\npolitique de s\u00e9curit\u00e9.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans HP Storage Essentials",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 HP c01390402 du 08 avril 2008",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402"
    }
  ]
}

CERTA-2008-AVI-202

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité dans HP Storage Essentials permet de contourner la politique de sécurité.

Description

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

HP Storage Essentials Software versions 5.1.0 et 6.0.0.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité HP c01390402 du 08 avril 2008

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eHP Storage Essentials Software versions  5.1.0 et 6.0.0.\u003c/p\u003e",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 dans le composant JBoss des applications utilisant HP\nStorage Essentials permet \u00e0 un individu malintentionn\u00e9 de contourner \u00e0\ndistance la politique de s\u00e9curit\u00e9 associ\u00e9es aux donn\u00e9es.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2006-5750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-5750"
    }
  ],
  "links": [],
  "reference": "CERTA-2008-AVI-202",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-04-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans HP Storage Essentials permet de contourner la\npolitique de s\u00e9curit\u00e9.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans HP Storage Essentials",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 HP c01390402 du 08 avril 2008",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402"
    }
  ]
}

RHSA-2006:0743

Vulnerability from csaf_redhat - Published: 2006-11-27 15:42 - Updated: 2025-11-21 17:30

Summary

Red Hat Security Advisory: jbossas security update

Notes

Topic

An updated jbossas package that corrects a security vulnerability is now available for Red Hat Application Stack. This update has been rated as having critical security impact by the Red Hat Security Response Team.

Details

JBoss Application Server is a J2EE certified platform for developing and deploying enterprise Java applications, Web applications, and Portals. Symantec discovered a flaw in the DeploymentFileRepository class of the JBoss Application Server. A remote attacker who is able to access the console manager could read or write to files with the permissions of the JBoss user. This could potentially lead to arbitrary code execution as the jboss user. (CVE-2006-5750) For the Red Hat Application Stack, the jbossas service is not enabled by default. Once the jbossas service is enabled, the console manager will become accessible on port 8080. Although port 8080 will be blocked from outside access by the default Red Hat Enterprise Linux firewall rules, users should ensure that the console is not available publicly and is adequately protected by authentication as explained in the JBoss documentation. A correct configuration of the JBoss Application Server would mitigate this vulnerability to only being exploitable by users who have authorization to use the console manager. All users of Red Hat Application Stack are advised to upgrade to these updated packages, which resolve the directory traversal issue with a backported patch. These updated packages also contain a change to the default jbossas configuration file. For users installing Red Hat Application Stack for the first time, all JBoss Application Server network services, including the management consoles, will be restricted by default to localhost. No change is made for users upgrading previously installed jbossas packages. Users who already have Red Hat Application Stack installed should check to make sure that they have correctly followed the security guidelines and that the management consoles are not accessible to unauthorized users. Red Hat would like to thank Symantec for reporting this issue.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An updated jbossas package that corrects a security vulnerability is now\navailable for Red Hat Application Stack.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "JBoss Application Server is a J2EE certified platform for developing and\ndeploying enterprise Java applications, Web applications, and Portals.\n\nSymantec discovered a flaw in the DeploymentFileRepository class of the\nJBoss Application Server. A remote attacker who is able to access the\nconsole manager could read or write to files with the permissions of the\nJBoss user. This could potentially lead to arbitrary code execution as the\njboss user. (CVE-2006-5750)\n\nFor the Red Hat Application Stack, the jbossas service is not enabled by\ndefault. Once the jbossas service is enabled, the console manager will\nbecome accessible on port 8080. Although port 8080 will be blocked from\noutside access by the default Red Hat Enterprise Linux firewall rules,\nusers should ensure that the console is not available publicly and is\nadequately protected by authentication as explained in the JBoss\ndocumentation. A correct configuration of the JBoss Application Server\nwould mitigate this vulnerability to only being exploitable by users who\nhave authorization to use the console manager.\n\nAll users of Red Hat Application Stack are advised to upgrade to these\nupdated packages, which resolve the directory traversal issue with a\nbackported patch.\n\nThese updated packages also contain a change to the default jbossas\nconfiguration file.  For users installing Red Hat Application Stack for the\nfirst time, all JBoss Application Server network services, including the\nmanagement consoles, will be restricted by default to localhost.  No change\nis made for users upgrading previously installed jbossas packages.  \n\nUsers who already have Red Hat Application Stack installed should check to\nmake sure that they have correctly followed the security guidelines and\nthat the management consoles are not accessible to unauthorized users.  \n\nRed Hat would like to thank Symantec for reporting this issue.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2006:0743",
        "url": "https://access.redhat.com/errata/RHSA-2006:0743"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#critical",
        "url": "https://access.redhat.com/security/updates/classification/#critical"
      },
      {
        "category": "external",
        "summary": "http://kbase.redhat.com/faq/FAQ_107_9629.shtm",
        "url": "http://kbase.redhat.com/faq/FAQ_107_9629.shtm"
      },
      {
        "category": "external",
        "summary": "215828",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=215828"
      },
      {
        "category": "external",
        "summary": "216177",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=216177"
      },
      {
        "category": "external",
        "summary": "216786",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=216786"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2006/rhsa-2006_0743.json"
      }
    ],
    "title": "Red Hat Security Advisory: jbossas security update",
    "tracking": {
      "current_release_date": "2025-11-21T17:30:59+00:00",
      "generator": {
        "date": "2025-11-21T17:30:59+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2006:0743",
      "initial_release_date": "2006-11-27T15:42:00+00:00",
      "revision_history": [
        {
          "date": "2006-11-27T15:42:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2006-11-27T10:42:57+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T17:30:59+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
                "product": {
                  "name": "Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
                  "product_id": "4AS-RHWAS",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_application_stack:1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
                "product": {
                  "name": "Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
                  "product_id": "4ES-RHWAS",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_application_stack:1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Application Stack"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "jbossas-0:4.0.4-1.el4s1.25.src",
                "product": {
                  "name": "jbossas-0:4.0.4-1.el4s1.25.src",
                  "product_id": "jbossas-0:4.0.4-1.el4s1.25.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossas@4.0.4-1.el4s1.25?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "jbossas-0:4.0.4-1.el4s1.25.noarch",
                "product": {
                  "name": "jbossas-0:4.0.4-1.el4s1.25.noarch",
                  "product_id": "jbossas-0:4.0.4-1.el4s1.25.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossas@4.0.4-1.el4s1.25?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-0:4.0.4-1.el4s1.25.noarch as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
          "product_id": "4AS-RHWAS:jbossas-0:4.0.4-1.el4s1.25.noarch"
        },
        "product_reference": "jbossas-0:4.0.4-1.el4s1.25.noarch",
        "relates_to_product_reference": "4AS-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-0:4.0.4-1.el4s1.25.src as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
          "product_id": "4AS-RHWAS:jbossas-0:4.0.4-1.el4s1.25.src"
        },
        "product_reference": "jbossas-0:4.0.4-1.el4s1.25.src",
        "relates_to_product_reference": "4AS-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-0:4.0.4-1.el4s1.25.noarch as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
          "product_id": "4ES-RHWAS:jbossas-0:4.0.4-1.el4s1.25.noarch"
        },
        "product_reference": "jbossas-0:4.0.4-1.el4s1.25.noarch",
        "relates_to_product_reference": "4ES-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-0:4.0.4-1.el4s1.25.src as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
          "product_id": "4ES-RHWAS:jbossas-0:4.0.4-1.el4s1.25.src"
        },
        "product_reference": "jbossas-0:4.0.4-1.el4s1.25.src",
        "relates_to_product_reference": "4ES-RHWAS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2006-5750",
      "discovery_date": "2006-11-13T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1618224"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Directory traversal vulnerability in the DeploymentFileRepository class in JBoss Application Server (jbossas) 3.2.4 through 4.0.5 allows remote authenticated users to read or modify arbitrary files, and possibly execute arbitrary code, via unspecified vectors related to the console manager.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHWAS:jbossas-0:4.0.4-1.el4s1.25.noarch",
          "4AS-RHWAS:jbossas-0:4.0.4-1.el4s1.25.src",
          "4ES-RHWAS:jbossas-0:4.0.4-1.el4s1.25.noarch",
          "4ES-RHWAS:jbossas-0:4.0.4-1.el4s1.25.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2006-5750"
        },
        {
          "category": "external",
          "summary": "RHBZ#1618224",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618224"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2006-5750",
          "url": "https://www.cve.org/CVERecord?id=CVE-2006-5750"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-5750",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-5750"
        }
      ],
      "release_date": "2006-11-27T14:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2006-11-27T15:42:00+00:00",
          "details": "Before applying this update, make sure that the jbossas service is not\nrunning and all previously released errata relevant to your system have\nbeen applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains\nthe desired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "4AS-RHWAS:jbossas-0:4.0.4-1.el4s1.25.noarch",
            "4AS-RHWAS:jbossas-0:4.0.4-1.el4s1.25.src",
            "4ES-RHWAS:jbossas-0:4.0.4-1.el4s1.25.noarch",
            "4ES-RHWAS:jbossas-0:4.0.4-1.el4s1.25.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2006:0743"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "security flaw"
    }
  ]
}

RHSA-2006_0743

Vulnerability from csaf_redhat - Published: 2006-11-27 15:42 - Updated: 2024-11-22 00:38

Summary

Red Hat Security Advisory: jbossas security update

Notes

Topic

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An updated jbossas package that corrects a security vulnerability is now\navailable for Red Hat Application Stack.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "JBoss Application Server is a J2EE certified platform for developing and\ndeploying enterprise Java applications, Web applications, and Portals.\n\nSymantec discovered a flaw in the DeploymentFileRepository class of the\nJBoss Application Server. A remote attacker who is able to access the\nconsole manager could read or write to files with the permissions of the\nJBoss user. This could potentially lead to arbitrary code execution as the\njboss user. (CVE-2006-5750)\n\nFor the Red Hat Application Stack, the jbossas service is not enabled by\ndefault. Once the jbossas service is enabled, the console manager will\nbecome accessible on port 8080. Although port 8080 will be blocked from\noutside access by the default Red Hat Enterprise Linux firewall rules,\nusers should ensure that the console is not available publicly and is\nadequately protected by authentication as explained in the JBoss\ndocumentation. A correct configuration of the JBoss Application Server\nwould mitigate this vulnerability to only being exploitable by users who\nhave authorization to use the console manager.\n\nAll users of Red Hat Application Stack are advised to upgrade to these\nupdated packages, which resolve the directory traversal issue with a\nbackported patch.\n\nThese updated packages also contain a change to the default jbossas\nconfiguration file.  For users installing Red Hat Application Stack for the\nfirst time, all JBoss Application Server network services, including the\nmanagement consoles, will be restricted by default to localhost.  No change\nis made for users upgrading previously installed jbossas packages.  \n\nUsers who already have Red Hat Application Stack installed should check to\nmake sure that they have correctly followed the security guidelines and\nthat the management consoles are not accessible to unauthorized users.  \n\nRed Hat would like to thank Symantec for reporting this issue.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2006:0743",
        "url": "https://access.redhat.com/errata/RHSA-2006:0743"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#critical",
        "url": "https://access.redhat.com/security/updates/classification/#critical"
      },
      {
        "category": "external",
        "summary": "http://kbase.redhat.com/faq/FAQ_107_9629.shtm",
        "url": "http://kbase.redhat.com/faq/FAQ_107_9629.shtm"
      },
      {
        "category": "external",
        "summary": "215828",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=215828"
      },
      {
        "category": "external",
        "summary": "216177",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=216177"
      },
      {
        "category": "external",
        "summary": "216786",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=216786"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2006/rhsa-2006_0743.json"
      }
    ],
    "title": "Red Hat Security Advisory: jbossas security update",
    "tracking": {
      "current_release_date": "2024-11-22T00:38:53+00:00",
      "generator": {
        "date": "2024-11-22T00:38:53+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2006:0743",
      "initial_release_date": "2006-11-27T15:42:00+00:00",
      "revision_history": [
        {
          "date": "2006-11-27T15:42:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2006-11-27T10:42:57+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T00:38:53+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
                "product": {
                  "name": "Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
                  "product_id": "4AS-RHWAS",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_application_stack:1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
                "product": {
                  "name": "Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
                  "product_id": "4ES-RHWAS",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_application_stack:1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Application Stack"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "jbossas-0:4.0.4-1.el4s1.25.src",
                "product": {
                  "name": "jbossas-0:4.0.4-1.el4s1.25.src",
                  "product_id": "jbossas-0:4.0.4-1.el4s1.25.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossas@4.0.4-1.el4s1.25?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "jbossas-0:4.0.4-1.el4s1.25.noarch",
                "product": {
                  "name": "jbossas-0:4.0.4-1.el4s1.25.noarch",
                  "product_id": "jbossas-0:4.0.4-1.el4s1.25.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossas@4.0.4-1.el4s1.25?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-0:4.0.4-1.el4s1.25.noarch as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
          "product_id": "4AS-RHWAS:jbossas-0:4.0.4-1.el4s1.25.noarch"
        },
        "product_reference": "jbossas-0:4.0.4-1.el4s1.25.noarch",
        "relates_to_product_reference": "4AS-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-0:4.0.4-1.el4s1.25.src as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
          "product_id": "4AS-RHWAS:jbossas-0:4.0.4-1.el4s1.25.src"
        },
        "product_reference": "jbossas-0:4.0.4-1.el4s1.25.src",
        "relates_to_product_reference": "4AS-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-0:4.0.4-1.el4s1.25.noarch as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
          "product_id": "4ES-RHWAS:jbossas-0:4.0.4-1.el4s1.25.noarch"
        },
        "product_reference": "jbossas-0:4.0.4-1.el4s1.25.noarch",
        "relates_to_product_reference": "4ES-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-0:4.0.4-1.el4s1.25.src as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
          "product_id": "4ES-RHWAS:jbossas-0:4.0.4-1.el4s1.25.src"
        },
        "product_reference": "jbossas-0:4.0.4-1.el4s1.25.src",
        "relates_to_product_reference": "4ES-RHWAS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2006-5750",
      "discovery_date": "2006-11-13T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1618224"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Directory traversal vulnerability in the DeploymentFileRepository class in JBoss Application Server (jbossas) 3.2.4 through 4.0.5 allows remote authenticated users to read or modify arbitrary files, and possibly execute arbitrary code, via unspecified vectors related to the console manager.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHWAS:jbossas-0:4.0.4-1.el4s1.25.noarch",
          "4AS-RHWAS:jbossas-0:4.0.4-1.el4s1.25.src",
          "4ES-RHWAS:jbossas-0:4.0.4-1.el4s1.25.noarch",
          "4ES-RHWAS:jbossas-0:4.0.4-1.el4s1.25.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2006-5750"
        },
        {
          "category": "external",
          "summary": "RHBZ#1618224",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618224"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2006-5750",
          "url": "https://www.cve.org/CVERecord?id=CVE-2006-5750"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-5750",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-5750"
        }
      ],
      "release_date": "2006-11-27T14:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2006-11-27T15:42:00+00:00",
          "details": "Before applying this update, make sure that the jbossas service is not\nrunning and all previously released errata relevant to your system have\nbeen applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains\nthe desired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "4AS-RHWAS:jbossas-0:4.0.4-1.el4s1.25.noarch",
            "4AS-RHWAS:jbossas-0:4.0.4-1.el4s1.25.src",
            "4ES-RHWAS:jbossas-0:4.0.4-1.el4s1.25.noarch",
            "4ES-RHWAS:jbossas-0:4.0.4-1.el4s1.25.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2006:0743"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "security flaw"
    }
  ]
}

GHSA-W88W-QRRP-J36H

Vulnerability from github – Published: 2022-05-01 07:31 – Updated: 2022-05-01 07:31

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2006-5750"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2006-11-27T20:07:00Z",
    "severity": "HIGH"
  },
  "details": "Directory traversal vulnerability in the DeploymentFileRepository class in JBoss Application Server (jbossas) 3.2.4 through 4.0.5 allows remote authenticated users to read or modify arbitrary files, and possibly execute arbitrary code, via unspecified vectors related to the console manager.",
  "id": "GHSA-w88w-qrrp-j36h",
  "modified": "2022-05-01T07:31:25Z",
  "published": "2022-05-01T07:31:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-5750"
    },
    {
      "type": "WEB",
      "url": "https://secure-support.novell.com/KanisaPlatform/Publishing/719/3024921_f.SAL_Public.html"
    },
    {
      "type": "WEB",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402"
    },
    {
      "type": "WEB",
      "url": "http://jira.jboss.com/jira/browse/ASPATCH-126"
    },
    {
      "type": "WEB",
      "url": "http://jira.jboss.com/jira/browse/JBAS-3861"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/23095"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/23984"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/24104"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/29726"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1017289"
    },
    {
      "type": "WEB",
      "url": "http://www.novell.com/linux/security/advisories/2007_02_sr.html"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/30767"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0743.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/452830/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/452862/100/100/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/21219"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/4724"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/4726"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/0554"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/1155/references"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2006-5750

Vulnerability from fkie_nvd - Published: 2006-11-27 20:07 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402
secalert@redhat.com	http://jira.jboss.com/jira/browse/ASPATCH-126
secalert@redhat.com	http://jira.jboss.com/jira/browse/JBAS-3861
secalert@redhat.com	http://secunia.com/advisories/23095
secalert@redhat.com	http://secunia.com/advisories/23984
secalert@redhat.com	http://secunia.com/advisories/24104
secalert@redhat.com	http://secunia.com/advisories/29726
secalert@redhat.com	http://securitytracker.com/id?1017289
secalert@redhat.com	http://www.novell.com/linux/security/advisories/2007_02_sr.html
secalert@redhat.com	http://www.osvdb.org/30767
secalert@redhat.com	http://www.redhat.com/support/errata/RHSA-2006-0743.html	Patch
secalert@redhat.com	http://www.securityfocus.com/archive/1/452830/100/0/threaded
secalert@redhat.com	http://www.securityfocus.com/archive/1/452862/100/100/threaded
secalert@redhat.com	http://www.securityfocus.com/bid/21219	Patch
secalert@redhat.com	http://www.vupen.com/english/advisories/2006/4724
secalert@redhat.com	http://www.vupen.com/english/advisories/2006/4726
secalert@redhat.com	http://www.vupen.com/english/advisories/2007/0554
secalert@redhat.com	http://www.vupen.com/english/advisories/2008/1155/references
secalert@redhat.com	https://secure-support.novell.com/KanisaPlatform/Publishing/719/3024921_f.SAL_Public.html
af854a3a-2127-422b-91ae-364da2661108	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402
af854a3a-2127-422b-91ae-364da2661108	http://jira.jboss.com/jira/browse/ASPATCH-126
af854a3a-2127-422b-91ae-364da2661108	http://jira.jboss.com/jira/browse/JBAS-3861
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/23095
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/23984
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/24104
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29726
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1017289
af854a3a-2127-422b-91ae-364da2661108	http://www.novell.com/linux/security/advisories/2007_02_sr.html
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/30767
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2006-0743.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/452830/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/452862/100/100/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/21219	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/4724
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/4726
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/0554
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/1155/references
af854a3a-2127-422b-91ae-364da2661108	https://secure-support.novell.com/KanisaPlatform/Publishing/719/3024921_f.SAL_Public.html

Impacted products

Vendor	Product	Version
jboss	jboss_application_server	3.2.5_final
jboss	jboss_application_server	3.2.6_final
jboss	jboss_application_server	3.2.7_final
jboss	jboss_application_server	3.2.8.sp1
jboss	jboss_application_server	3.2.8_final
jboss	jboss_application_server	4.0.0_final
jboss	jboss_application_server	4.0.1_final
jboss	jboss_application_server	4.0.1_sp1
jboss	jboss_application_server	4.0.2_final
jboss	jboss_application_server	4.0.3_final
jboss	jboss_application_server	4.0.4.ga
jboss	jboss_application_server	4.0.5.ga

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:jboss:jboss_application_server:3.2.5_final:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BA0BFE2-246F-4F9D-9698-23B7A453C627",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jboss:jboss_application_server:3.2.6_final:*:*:*:*:*:*:*",
              "matchCriteriaId": "5415149C-6EF9-4B94-ABDA-3F52B9A871E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jboss:jboss_application_server:3.2.7_final:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A5BA730-1650-4CD6-8033-AE7B90F2242F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jboss:jboss_application_server:3.2.8.sp1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A496B6B5-C331-4354-9538-51704BC172A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jboss:jboss_application_server:3.2.8_final:*:*:*:*:*:*:*",
              "matchCriteriaId": "42EC3FC8-D370-4EA3-8FC5-CB8671A669B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jboss:jboss_application_server:4.0.0_final:*:*:*:*:*:*:*",
              "matchCriteriaId": "C467186E-74BB-4CC6-A4AA-144DA3A2B0C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jboss:jboss_application_server:4.0.1_final:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D678E52-DEE5-4A77-9504-5E62F9A6E61A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jboss:jboss_application_server:4.0.1_sp1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EC7B567-CACB-4F07-BE1D-E7420060C4E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jboss:jboss_application_server:4.0.2_final:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C763991-3D3C-40A9-ADA1-1BCD70491224",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jboss:jboss_application_server:4.0.3_final:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D381E62-7EBD-4F40-92B4-C967C82BBEBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jboss:jboss_application_server:4.0.4.ga:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0F232BE-9181-4B28-B9ED-C947BCB754DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jboss:jboss_application_server:4.0.5.ga:*:*:*:*:*:*:*",
              "matchCriteriaId": "2559DFD5-A230-467E-A720-7AE7FA9309CD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Directory traversal vulnerability in the DeploymentFileRepository class in JBoss Application Server (jbossas) 3.2.4 through 4.0.5 allows remote authenticated users to read or modify arbitrary files, and possibly execute arbitrary code, via unspecified vectors related to the console manager."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de salto de directorio en la clase JBoss Application Server (jbossas) 3.2.4 hasta 4.0.5 permite a usuarios remotos validados leer o modificar archivos y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n, a trav\u00e9s de vectores no especificados en el administrador de consola."
    }
  ],
  "id": "CVE-2006-5750",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-11-27T20:07:00.000",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://jira.jboss.com/jira/browse/ASPATCH-126"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://jira.jboss.com/jira/browse/JBAS-3861"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/23095"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/23984"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/24104"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/29726"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://securitytracker.com/id?1017289"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.novell.com/linux/security/advisories/2007_02_sr.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.osvdb.org/30767"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0743.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/452830/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/452862/100/100/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/21219"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2006/4724"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2006/4726"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2007/0554"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2008/1155/references"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://secure-support.novell.com/KanisaPlatform/Publishing/719/3024921_f.SAL_Public.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://jira.jboss.com/jira/browse/ASPATCH-126"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://jira.jboss.com/jira/browse/JBAS-3861"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/23095"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/23984"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/24104"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/29726"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1017289"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2007_02_sr.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/30767"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0743.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/452830/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/452862/100/100/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/21219"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/4724"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/4726"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/0554"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/1155/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://secure-support.novell.com/KanisaPlatform/Publishing/719/3024921_f.SAL_Public.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2006-5750

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2006-5750

Aliases

CVE-2006-5750

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2006-5750",
    "description": "Directory traversal vulnerability in the DeploymentFileRepository class in JBoss Application Server (jbossas) 3.2.4 through 4.0.5 allows remote authenticated users to read or modify arbitrary files, and possibly execute arbitrary code, via unspecified vectors related to the console manager.",
    "id": "GSD-2006-5750",
    "references": [
      "https://www.suse.com/security/cve/CVE-2006-5750.html",
      "https://access.redhat.com/errata/RHSA-2006:0743",
      "https://packetstormsecurity.com/files/cve/CVE-2006-5750"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2006-5750"
      ],
      "details": "Directory traversal vulnerability in the DeploymentFileRepository class in JBoss Application Server (jbossas) 3.2.4 through 4.0.5 allows remote authenticated users to read or modify arbitrary files, and possibly execute arbitrary code, via unspecified vectors related to the console manager.",
      "id": "GSD-2006-5750",
      "modified": "2023-12-13T01:19:56.768403Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2006-5750",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Directory traversal vulnerability in the DeploymentFileRepository class in JBoss Application Server (jbossas) 3.2.4 through 4.0.5 allows remote authenticated users to read or modify arbitrary files, and possibly execute arbitrary code, via unspecified vectors related to the console manager."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402",
            "refsource": "MISC",
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402"
          },
          {
            "name": "http://jira.jboss.com/jira/browse/ASPATCH-126",
            "refsource": "MISC",
            "url": "http://jira.jboss.com/jira/browse/ASPATCH-126"
          },
          {
            "name": "http://jira.jboss.com/jira/browse/JBAS-3861",
            "refsource": "MISC",
            "url": "http://jira.jboss.com/jira/browse/JBAS-3861"
          },
          {
            "name": "http://secunia.com/advisories/23095",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/23095"
          },
          {
            "name": "http://secunia.com/advisories/23984",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/23984"
          },
          {
            "name": "http://secunia.com/advisories/24104",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/24104"
          },
          {
            "name": "http://secunia.com/advisories/29726",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/29726"
          },
          {
            "name": "http://securitytracker.com/id?1017289",
            "refsource": "MISC",
            "url": "http://securitytracker.com/id?1017289"
          },
          {
            "name": "http://www.novell.com/linux/security/advisories/2007_02_sr.html",
            "refsource": "MISC",
            "url": "http://www.novell.com/linux/security/advisories/2007_02_sr.html"
          },
          {
            "name": "http://www.osvdb.org/30767",
            "refsource": "MISC",
            "url": "http://www.osvdb.org/30767"
          },
          {
            "name": "http://www.redhat.com/support/errata/RHSA-2006-0743.html",
            "refsource": "MISC",
            "url": "http://www.redhat.com/support/errata/RHSA-2006-0743.html"
          },
          {
            "name": "http://www.securityfocus.com/archive/1/452830/100/0/threaded",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/archive/1/452830/100/0/threaded"
          },
          {
            "name": "http://www.securityfocus.com/archive/1/452862/100/100/threaded",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/archive/1/452862/100/100/threaded"
          },
          {
            "name": "http://www.securityfocus.com/bid/21219",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/bid/21219"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2006/4724",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2006/4724"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2006/4726",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2006/4726"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2007/0554",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2007/0554"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2008/1155/references",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2008/1155/references"
          },
          {
            "name": "https://secure-support.novell.com/KanisaPlatform/Publishing/719/3024921_f.SAL_Public.html",
            "refsource": "MISC",
            "url": "https://secure-support.novell.com/KanisaPlatform/Publishing/719/3024921_f.SAL_Public.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:jboss:jboss_application_server:4.0.0_final:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jboss:jboss_application_server:4.0.1_final:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jboss:jboss_application_server:4.0.1_sp1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jboss:jboss_application_server:4.0.2_final:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jboss:jboss_application_server:3.2.5_final:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jboss:jboss_application_server:3.2.6_final:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jboss:jboss_application_server:3.2.7_final:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jboss:jboss_application_server:4.0.3_final:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jboss:jboss_application_server:4.0.4.ga:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jboss:jboss_application_server:3.2.8.sp1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jboss:jboss_application_server:3.2.8_final:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jboss:jboss_application_server:4.0.5.ga:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2006-5750"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in the DeploymentFileRepository class in JBoss Application Server (jbossas) 3.2.4 through 4.0.5 allows remote authenticated users to read or modify arbitrary files, and possibly execute arbitrary code, via unspecified vectors related to the console manager."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2006:0743",
              "refsource": "REDHAT",
              "tags": [
                "Patch"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2006-0743.html"
            },
            {
              "name": "http://jira.jboss.com/jira/browse/ASPATCH-126",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://jira.jboss.com/jira/browse/ASPATCH-126"
            },
            {
              "name": "23095",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/23095"
            },
            {
              "name": "http://jira.jboss.com/jira/browse/JBAS-3861",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://jira.jboss.com/jira/browse/JBAS-3861"
            },
            {
              "name": "21219",
              "refsource": "BID",
              "tags": [
                "Patch"
              ],
              "url": "http://www.securityfocus.com/bid/21219"
            },
            {
              "name": "1017289",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1017289"
            },
            {
              "name": "30767",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/30767"
            },
            {
              "name": "https://secure-support.novell.com/KanisaPlatform/Publishing/719/3024921_f.SAL_Public.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://secure-support.novell.com/KanisaPlatform/Publishing/719/3024921_f.SAL_Public.html"
            },
            {
              "name": "SUSE-SR:2007:002",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://www.novell.com/linux/security/advisories/2007_02_sr.html"
            },
            {
              "name": "23984",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/23984"
            },
            {
              "name": "24104",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/24104"
            },
            {
              "name": "29726",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/29726"
            },
            {
              "name": "ADV-2006-4726",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2006/4726"
            },
            {
              "name": "ADV-2008-1155",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/1155/references"
            },
            {
              "name": "ADV-2006-4724",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2006/4724"
            },
            {
              "name": "SSRT080018",
              "refsource": "HP",
              "tags": [],
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402"
            },
            {
              "name": "ADV-2007-0554",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/0554"
            },
            {
              "name": "20061128 Re: SYMSA-2006-011: JBoss Java Class DeploymentFileRepository Directory Traversal",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/452862/100/100/threaded"
            },
            {
              "name": "20061127 SYMSA-2006-011: JBoss Java Class DeploymentFileRepository Directory Traversal",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/452830/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": true,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-17T21:44Z",
      "publishedDate": "2006-11-27T20:07Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2006-5750 (GCVE-0-2006-5750)

CERTA-2008-AVI-202

Description

Solution

CERTA-2008-AVI-202

Description

Solution

RHSA-2006:0743

RHSA-2006_0743

GHSA-W88W-QRRP-J36H

FKIE_CVE-2006-5750

GSD-2006-5750

Tags

Sightings

Nomenclature