CVE-2008-5518 : Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1

Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet); the (5) createDB parameter to console/portal/Embedded DB/DB Manager (aka the Embedded DB/DB Manager portlet); or the (6) filename parameter to the createKeystore script in the Security/Keystores portlet.

Published 2009-04-17 14:30:01

Updated 2018-10-11 20:55:45

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: Directory traversal

Exploit prediction scoring system (EPSS) score for CVE-2008-5518

Probability of exploitation activity in the next 30 days: 0.55%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 74 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2008-5518

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
9.4	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:N	10.0	9.2	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: None

CWE ids for CVE-2008-5518

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2008-5518

http://geronimo.apache.org/21x-security-report.html#2.1.xSecurityReport-214

Apache Geronimo : 2.1.x Security Report
Patch;Vendor Advisory

CVEs referencing this url
http://dsecrg.com/pages/vul/show.php?id=118

Exploit
http://www.securityfocus.com/archive/1/502733/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/49898

Apache Geronimo Services/Repository directory traversal CVE-2008-5518 Vulnerability Report
http://issues.apache.org/jira/browse/GERONIMO-4597

[GERONIMO-4597] Validate Web Admin Console input - address admin console security vulnerabilities - ASF JIRA
Patch;Vendor Advisory

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/49899

Vulnerability Report
http://www.securityfocus.com/bid/34562

Exploit

CVEs referencing this url
http://www.vupen.com/english/advisories/2009/1089

Webmail: access your OVH emails on ovhcloud.com | OVHcloud

CVEs referencing this url
https://www.exploit-db.com/exploits/8458

Apache Geronimo 2.1.3 - Multiple Directory Traversal Vulnerabilities - Multiple remote Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/49900

Vulnerability Report

Products affected by CVE-2008-5518

Apache » Geronimo » Version: 2.1
cpe:2.3:a:apache:geronimo:2.1:*:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows
Apache » Geronimo » Version: 2.1.2
cpe:2.3:a:apache:geronimo:2.1.2:*:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows
Apache » Geronimo » Version: 2.1.3
cpe:2.3:a:apache:geronimo:2.1.3:*:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows
Apache » Geronimo » Version: 2.1.1
cpe:2.3:a:apache:geronimo:2.1.1:*:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows

Vulnerability Details : CVE-2008-5518

Exploit prediction scoring system (EPSS) score for CVE-2008-5518

CVSS scores for CVE-2008-5518

CWE ids for CVE-2008-5518

References for CVE-2008-5518

Products affected by CVE-2008-5518