Vulnerability Details CVE-2006-5750
Directory traversal vulnerability in the DeploymentFileRepository class in JBoss Application Server (jbossas) 3.2.4 through 4.0.5 allows remote authenticated users to read or modify arbitrary files, and possibly execute arbitrary code, via unspecified vectors related to the console manager.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.333
EPSS Ranking 96.6%
CVSS Severity
CVSS v2 Score 7.5
References
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402
- http://jira.jboss.com/jira/browse/ASPATCH-126
- http://jira.jboss.com/jira/browse/JBAS-3861
- http://secunia.com/advisories/23095
- http://secunia.com/advisories/23984
- http://secunia.com/advisories/24104
- http://secunia.com/advisories/29726
- http://securitytracker.com/id?1017289
- http://www.novell.com/linux/security/advisories/2007_02_sr.html
- http://www.osvdb.org/30767
- http://www.redhat.com/support/errata/RHSA-2006-0743.html
- http://www.securityfocus.com/archive/1/452830/100/0/threaded
- http://www.securityfocus.com/archive/1/452862/100/100/threaded
- http://www.securityfocus.com/bid/21219
- http://www.vupen.com/english/advisories/2006/4724
- http://www.vupen.com/english/advisories/2006/4726
- http://www.vupen.com/english/advisories/2007/0554
- http://www.vupen.com/english/advisories/2008/1155/references
- https://secure-support.novell.com/KanisaPlatform/Publishing/719/3024921_f.SAL_Public.html
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402
- http://jira.jboss.com/jira/browse/ASPATCH-126
- http://jira.jboss.com/jira/browse/JBAS-3861
- http://secunia.com/advisories/23095
- http://secunia.com/advisories/23984
- http://secunia.com/advisories/24104
- http://secunia.com/advisories/29726
- http://securitytracker.com/id?1017289
- http://www.novell.com/linux/security/advisories/2007_02_sr.html
- http://www.osvdb.org/30767
- http://www.redhat.com/support/errata/RHSA-2006-0743.html
- http://www.securityfocus.com/archive/1/452830/100/0/threaded
- http://www.securityfocus.com/archive/1/452862/100/100/threaded
- http://www.securityfocus.com/bid/21219
- http://www.vupen.com/english/advisories/2006/4724
- http://www.vupen.com/english/advisories/2006/4726
- http://www.vupen.com/english/advisories/2007/0554
- http://www.vupen.com/english/advisories/2008/1155/references
- https://secure-support.novell.com/KanisaPlatform/Publishing/719/3024921_f.SAL_Public.html
Products affected by CVE-2006-5750
-
cpe:2.3:a:jboss:jboss_application_server:3.2.5_final
-
cpe:2.3:a:jboss:jboss_application_server:3.2.6_final
-
cpe:2.3:a:jboss:jboss_application_server:3.2.7_final
-
cpe:2.3:a:jboss:jboss_application_server:3.2.8.sp1
-
cpe:2.3:a:jboss:jboss_application_server:3.2.8_final
-
cpe:2.3:a:jboss:jboss_application_server:4.0.0_final
-
cpe:2.3:a:jboss:jboss_application_server:4.0.1_final
-
cpe:2.3:a:jboss:jboss_application_server:4.0.1_sp1
-
cpe:2.3:a:jboss:jboss_application_server:4.0.2_final
-
cpe:2.3:a:jboss:jboss_application_server:4.0.3_final
-
cpe:2.3:a:jboss:jboss_application_server:4.0.4.ga
-
cpe:2.3:a:jboss:jboss_application_server:4.0.5.ga