Directory traversal vulnerability in the DeploymentFileRepository class in JBoss Application Server (jbossas) 3.2.4 through 4.0.5 allows remote authenticated users to read or modify arbitrary files, and possibly execute arbitrary code, via unspecified vectors related to the console manager.
h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402
jira.jboss.com/jira/browse/ASPATCH-126
jira.jboss.com/jira/browse/JBAS-3861
secunia.com/advisories/23095
secunia.com/advisories/23984
secunia.com/advisories/24104
secunia.com/advisories/29726
securitytracker.com/id?1017289
www.novell.com/linux/security/advisories/2007_02_sr.html
www.osvdb.org/30767
www.redhat.com/support/errata/RHSA-2006-0743.html
www.securityfocus.com/archive/1/452830/100/0/threaded
www.securityfocus.com/archive/1/452862/100/100/threaded
www.securityfocus.com/bid/21219
www.vupen.com/english/advisories/2006/4724
www.vupen.com/english/advisories/2006/4726
www.vupen.com/english/advisories/2007/0554
www.vupen.com/english/advisories/2008/1155/references
secure-support.novell.com/KanisaPlatform/Publishing/719/3024921_f.SAL_Public.html