Lucene search

K

[email protected]NVD:CVE-2009-0038

HistoryApr 17, 2009 - 2:30 p.m.

CVE-2009-0038

2009-04-1714:30:00

CWE-79

[email protected]

web.nvd.nist.gov

5

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.009

Percentile

82.7%

Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring; or (5) the PATH_INFO to the default URI under console/portal/.

Affected configurations

Nvd

Node

apachegeronimoMatch2.1

OR

apachegeronimoMatch2.1.1

OR

apachegeronimoMatch2.1.2

OR

apachegeronimoMatch2.1.3

References

dsecrg.com/pages/vul/show.php?id=119

geronimo.apache.org/21x-security-report.html#2.1.xSecurityReport-214

issues.apache.org/jira/browse/GERONIMO-4597

secunia.com/advisories/34715

www.securityfocus.com/archive/1/502734/100/0/threaded

www.securityfocus.com/bid/34562

www.vupen.com/english/advisories/2009/1089

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.009

Percentile

82.7%

Related for NVD:CVE-2009-0038

veracode1 prion1 osv1 github1 packetstorm1 cve1 cvelist1 openvas6 nessus3