CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score
Confidence: Low

EPSS
Percentile: 97.4%

Directory traversal vulnerability in the DeploymentFileRepository class in JBoss Application Server (jbossas) 3.2.4 through 4.0.5 allows remote authenticated users to read or modify arbitrary files, and possibly execute arbitrary code, via unspecified vectors related to the console manager.
Vendor | Product | Version | CPE |
---|---|---|---|
jboss | jboss_application_server | 3.2.5_final | cpe:2.3:a:jboss:jboss_application_server:3.2.5_final:*:*:*:*:*:*:* |
jboss | jboss_application_server | 3.2.6_final | cpe:2.3:a:jboss:jboss_application_server:3.2.6_final:*:*:*:*:*:*:* |
jboss | jboss_application_server | 3.2.7_final | cpe:2.3:a:jboss:jboss_application_server:3.2.7_final:*:*:*:*:*:*:* |
jboss | jboss_application_server | 3.2.8.sp1 | cpe:2.3:a:jboss:jboss_application_server:3.2.8.sp1:*:*:*:*:*:*:* |
jboss | jboss_application_server | 3.2.8_final | cpe:2.3:a:jboss:jboss_application_server:3.2.8_final:*:*:*:*:*:*:* |
jboss | jboss_application_server | 4.0.0_final | cpe:2.3:a:jboss:jboss_application_server:4.0.0_final:*:*:*:*:*:*:* |
jboss | jboss_application_server | 4.0.1_final | cpe:2.3:a:jboss:jboss_application_server:4.0.1_final:*:*:*:*:*:*:* |
jboss | jboss_application_server | 4.0.1_sp1 | cpe:2.3:a:jboss:jboss_application_server:4.0.1_sp1:*:*:*:*:*:*:* |
jboss | jboss_application_server | 4.0.2_final | cpe:2.3:a:jboss:jboss_application_server:4.0.2_final:*:*:*:*:*:*:* |
jboss | jboss_application_server | 4.0.3_final | cpe:2.3:a:jboss:jboss_application_server:4.0.3_final:*:*:*:*:*:*:* |
h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402
jira.jboss.com/jira/browse/ASPATCH-126
jira.jboss.com/jira/browse/JBAS-3861
secunia.com/advisories/23095
secunia.com/advisories/23984
secunia.com/advisories/24104
secunia.com/advisories/29726
securitytracker.com/id?1017289
www.novell.com/linux/security/advisories/2007_02_sr.html
www.osvdb.org/30767
www.redhat.com/support/errata/RHSA-2006-0743.html
www.securityfocus.com/archive/1/452830/100/0/threaded
www.securityfocus.com/archive/1/452862/100/100/threaded
www.securityfocus.com/bid/21219
www.vupen.com/english/advisories/2006/4724
www.vupen.com/english/advisories/2006/4726
www.vupen.com/english/advisories/2007/0554
www.vupen.com/english/advisories/2008/1155/references
secure-support.novell.com/KanisaPlatform/Publishing/719/3024921_f.SAL_Public.html