Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for jboss_application_server by jboss

    CVE-2007-1354 (GCVE-0-2007-1354)

    Vulnerability from nvd – Published: 2007-07-27 21:00 – Updated: 2024-08-07 12:50
    VLAI
    Summary
    The Access Control functionality (JMXOpsAccessControlFilter) in JMX Console in JBoss Application Server 4.0.2 and 4.0.5 before 20070416 uses a member variable to store the roles of the current user, which allows remote authenticated administrators to trigger a race condition and gain privileges by logging in during a session by a more privileged administrator, as demonstrated by privilege escalation from Read Mode to Write Mode.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://rhn.redhat.com/errata/RHSA-2007-0151.html vendor-advisoryx_refsource_REDHAT
    http://jira.jboss.com/jira/browse/ASPATCH-172 x_refsource_CONFIRM
    http://www.redhat.com/archives/jboss-watch-list/2… mailing-listx_refsource_MLIST
    http://jira.jboss.com/jira/browse/ASPATCH-175 x_refsource_CONFIRM
    http://osvdb.org/46765 vdb-entryx_refsource_OSVDB
    Date Public
    2007-04-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T12:50:35.274Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2007:0151",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2007-0151.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://jira.jboss.com/jira/browse/ASPATCH-172"
              },
              {
                "name": "[jboss-watch-list] 20070416 [RHSA-2007:0151-01] Low: JBoss Application Server security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/archives/jboss-watch-list/2007-April/msg00000.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://jira.jboss.com/jira/browse/ASPATCH-175"
              },
              {
                "name": "46765",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/46765"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-04-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Access Control functionality (JMXOpsAccessControlFilter) in JMX Console in JBoss Application Server 4.0.2 and 4.0.5 before 20070416 uses a member variable to store the roles of the current user, which allows remote authenticated administrators to trigger a race condition and gain privileges by logging in during a session by a more privileged administrator, as demonstrated by privilege escalation from Read Mode to Write Mode."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2008-11-13T10:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2007:0151",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2007-0151.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://jira.jboss.com/jira/browse/ASPATCH-172"
            },
            {
              "name": "[jboss-watch-list] 20070416 [RHSA-2007:0151-01] Low: JBoss Application Server security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.redhat.com/archives/jboss-watch-list/2007-April/msg00000.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://jira.jboss.com/jira/browse/ASPATCH-175"
            },
            {
              "name": "46765",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/46765"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2007-1354",
        "datePublished": "2007-07-27T21:00:00.000Z",
        "dateReserved": "2007-03-08T00:00:00.000Z",
        "dateUpdated": "2024-08-07T12:50:35.274Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-1036 (GCVE-0-2007-1036)

    Vulnerability from nvd – Published: 2007-02-21 11:00 – Updated: 2024-08-07 12:43
    VLAI
    Summary
    The default configuration of JBoss does not restrict access to the (1) console and (2) web management interfaces, which allows remote attackers to bypass authentication and gain administrative access via direct requests.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2007-02-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T12:43:22.417Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://wiki.jboss.org/wiki/Wiki.jsp?page=SecureJBoss"
              },
              {
                "name": "1017677",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1017677"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://wiki.jboss.org/wiki/Wiki.jsp?page=SecureTheJmxConsole"
              },
              {
                "name": "jboss-admin-unauth-access(32596)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32596"
              },
              {
                "name": "VU#632656",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/632656"
              },
              {
                "name": "20070220 Jboss vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/460597/100/0/threaded"
              },
              {
                "name": "33744",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/33744"
              },
              {
                "name": "20070220 Re: Jboss vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/460605/100/0/threaded"
              },
              {
                "name": "20070220 Re: Jboss vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/460695/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-02-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The default configuration of JBoss does not restrict access to the (1) console and (2) web management interfaces, which allows remote attackers to bypass authentication and gain administrative access via direct requests."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://wiki.jboss.org/wiki/Wiki.jsp?page=SecureJBoss"
            },
            {
              "name": "1017677",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1017677"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://wiki.jboss.org/wiki/Wiki.jsp?page=SecureTheJmxConsole"
            },
            {
              "name": "jboss-admin-unauth-access(32596)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32596"
            },
            {
              "name": "VU#632656",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/632656"
            },
            {
              "name": "20070220 Jboss vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/460597/100/0/threaded"
            },
            {
              "name": "33744",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/33744"
            },
            {
              "name": "20070220 Re: Jboss vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/460605/100/0/threaded"
            },
            {
              "name": "20070220 Re: Jboss vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/460695/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-1036",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The default configuration of JBoss does not restrict access to the (1) console and (2) web management interfaces, which allows remote attackers to bypass authentication and gain administrative access via direct requests."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://wiki.jboss.org/wiki/Wiki.jsp?page=SecureJBoss",
                  "refsource": "MISC",
                  "url": "http://wiki.jboss.org/wiki/Wiki.jsp?page=SecureJBoss"
                },
                {
                  "name": "1017677",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1017677"
                },
                {
                  "name": "http://wiki.jboss.org/wiki/Wiki.jsp?page=SecureTheJmxConsole",
                  "refsource": "MISC",
                  "url": "http://wiki.jboss.org/wiki/Wiki.jsp?page=SecureTheJmxConsole"
                },
                {
                  "name": "jboss-admin-unauth-access(32596)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32596"
                },
                {
                  "name": "VU#632656",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/632656"
                },
                {
                  "name": "20070220 Jboss vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/460597/100/0/threaded"
                },
                {
                  "name": "33744",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/33744"
                },
                {
                  "name": "20070220 Re: Jboss vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/460605/100/0/threaded"
                },
                {
                  "name": "20070220 Re: Jboss vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/460695/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-1036",
        "datePublished": "2007-02-21T11:00:00.000Z",
        "dateReserved": "2007-02-20T00:00:00.000Z",
        "dateUpdated": "2024-08-07T12:43:22.417Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-5750 (GCVE-0-2006-5750)

    Vulnerability from nvd – Published: 2006-11-27 20:00 – Updated: 2024-08-07 20:04
    VLAI
    Summary
    Directory traversal vulnerability in the DeploymentFileRepository class in JBoss Application Server (jbossas) 3.2.4 through 4.0.5 allows remote authenticated users to read or modify arbitrary files, and possibly execute arbitrary code, via unspecified vectors related to the console manager.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/23984 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2008/1155… vdb-entryx_refsource_VUPEN
    http://h20000.www2.hp.com/bizsupport/TechSupport/… vendor-advisoryx_refsource_HP
    http://www.redhat.com/support/errata/RHSA-2006-07… vendor-advisoryx_refsource_REDHAT
    http://www.osvdb.org/30767 vdb-entryx_refsource_OSVDB
    http://www.securityfocus.com/bid/21219 vdb-entryx_refsource_BID
    http://www.vupen.com/english/advisories/2006/4724 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/23095 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/29726 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/archive/1/452862/100… mailing-listx_refsource_BUGTRAQ
    http://jira.jboss.com/jira/browse/ASPATCH-126 x_refsource_CONFIRM
    https://secure-support.novell.com/KanisaPlatform/… x_refsource_CONFIRM
    http://securitytracker.com/id?1017289 vdb-entryx_refsource_SECTRACK
    http://www.novell.com/linux/security/advisories/2… vendor-advisoryx_refsource_SUSE
    http://www.vupen.com/english/advisories/2007/0554 vdb-entryx_refsource_VUPEN
    http://www.vupen.com/english/advisories/2006/4726 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/24104 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/archive/1/452830/100… mailing-listx_refsource_BUGTRAQ
    http://jira.jboss.com/jira/browse/JBAS-3861 x_refsource_CONFIRM
    Date Public
    2006-11-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T20:04:54.589Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "23984",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/23984"
              },
              {
                "name": "ADV-2008-1155",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/1155/references"
              },
              {
                "name": "SSRT080018",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402"
              },
              {
                "name": "RHSA-2006:0743",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2006-0743.html"
              },
              {
                "name": "30767",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/30767"
              },
              {
                "name": "21219",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/21219"
              },
              {
                "name": "ADV-2006-4724",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/4724"
              },
              {
                "name": "23095",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/23095"
              },
              {
                "name": "HPSBST02318",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402"
              },
              {
                "name": "29726",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29726"
              },
              {
                "name": "20061128 Re: SYMSA-2006-011: JBoss Java Class DeploymentFileRepository Directory Traversal",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/452862/100/100/threaded"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://jira.jboss.com/jira/browse/ASPATCH-126"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://secure-support.novell.com/KanisaPlatform/Publishing/719/3024921_f.SAL_Public.html"
              },
              {
                "name": "1017289",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1017289"
              },
              {
                "name": "SUSE-SR:2007:002",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/linux/security/advisories/2007_02_sr.html"
              },
              {
                "name": "ADV-2007-0554",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/0554"
              },
              {
                "name": "ADV-2006-4726",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/4726"
              },
              {
                "name": "24104",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24104"
              },
              {
                "name": "20061127 SYMSA-2006-011: JBoss Java Class DeploymentFileRepository Directory Traversal",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/452830/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://jira.jboss.com/jira/browse/JBAS-3861"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-11-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in the DeploymentFileRepository class in JBoss Application Server (jbossas) 3.2.4 through 4.0.5 allows remote authenticated users to read or modify arbitrary files, and possibly execute arbitrary code, via unspecified vectors related to the console manager."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-17T20:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "23984",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/23984"
            },
            {
              "name": "ADV-2008-1155",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/1155/references"
            },
            {
              "name": "SSRT080018",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402"
            },
            {
              "name": "RHSA-2006:0743",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2006-0743.html"
            },
            {
              "name": "30767",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/30767"
            },
            {
              "name": "21219",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/21219"
            },
            {
              "name": "ADV-2006-4724",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/4724"
            },
            {
              "name": "23095",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/23095"
            },
            {
              "name": "HPSBST02318",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402"
            },
            {
              "name": "29726",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29726"
            },
            {
              "name": "20061128 Re: SYMSA-2006-011: JBoss Java Class DeploymentFileRepository Directory Traversal",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/452862/100/100/threaded"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://jira.jboss.com/jira/browse/ASPATCH-126"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://secure-support.novell.com/KanisaPlatform/Publishing/719/3024921_f.SAL_Public.html"
            },
            {
              "name": "1017289",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1017289"
            },
            {
              "name": "SUSE-SR:2007:002",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://www.novell.com/linux/security/advisories/2007_02_sr.html"
            },
            {
              "name": "ADV-2007-0554",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/0554"
            },
            {
              "name": "ADV-2006-4726",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/4726"
            },
            {
              "name": "24104",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24104"
            },
            {
              "name": "20061127 SYMSA-2006-011: JBoss Java Class DeploymentFileRepository Directory Traversal",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/452830/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://jira.jboss.com/jira/browse/JBAS-3861"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2006-5750",
        "datePublished": "2006-11-27T20:00:00.000Z",
        "dateReserved": "2006-11-06T00:00:00.000Z",
        "dateUpdated": "2024-08-07T20:04:54.589Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-1354 (GCVE-0-2007-1354)

    Vulnerability from cvelistv5 – Published: 2007-07-27 21:00 – Updated: 2024-08-07 12:50
    VLAI
    Summary
    The Access Control functionality (JMXOpsAccessControlFilter) in JMX Console in JBoss Application Server 4.0.2 and 4.0.5 before 20070416 uses a member variable to store the roles of the current user, which allows remote authenticated administrators to trigger a race condition and gain privileges by logging in during a session by a more privileged administrator, as demonstrated by privilege escalation from Read Mode to Write Mode.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://rhn.redhat.com/errata/RHSA-2007-0151.html vendor-advisoryx_refsource_REDHAT
    http://jira.jboss.com/jira/browse/ASPATCH-172 x_refsource_CONFIRM
    http://www.redhat.com/archives/jboss-watch-list/2… mailing-listx_refsource_MLIST
    http://jira.jboss.com/jira/browse/ASPATCH-175 x_refsource_CONFIRM
    http://osvdb.org/46765 vdb-entryx_refsource_OSVDB
    Date Public
    2007-04-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T12:50:35.274Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2007:0151",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2007-0151.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://jira.jboss.com/jira/browse/ASPATCH-172"
              },
              {
                "name": "[jboss-watch-list] 20070416 [RHSA-2007:0151-01] Low: JBoss Application Server security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/archives/jboss-watch-list/2007-April/msg00000.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://jira.jboss.com/jira/browse/ASPATCH-175"
              },
              {
                "name": "46765",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/46765"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-04-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Access Control functionality (JMXOpsAccessControlFilter) in JMX Console in JBoss Application Server 4.0.2 and 4.0.5 before 20070416 uses a member variable to store the roles of the current user, which allows remote authenticated administrators to trigger a race condition and gain privileges by logging in during a session by a more privileged administrator, as demonstrated by privilege escalation from Read Mode to Write Mode."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2008-11-13T10:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2007:0151",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2007-0151.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://jira.jboss.com/jira/browse/ASPATCH-172"
            },
            {
              "name": "[jboss-watch-list] 20070416 [RHSA-2007:0151-01] Low: JBoss Application Server security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.redhat.com/archives/jboss-watch-list/2007-April/msg00000.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://jira.jboss.com/jira/browse/ASPATCH-175"
            },
            {
              "name": "46765",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/46765"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2007-1354",
        "datePublished": "2007-07-27T21:00:00.000Z",
        "dateReserved": "2007-03-08T00:00:00.000Z",
        "dateUpdated": "2024-08-07T12:50:35.274Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-1036 (GCVE-0-2007-1036)

    Vulnerability from cvelistv5 – Published: 2007-02-21 11:00 – Updated: 2024-08-07 12:43
    VLAI
    Summary
    The default configuration of JBoss does not restrict access to the (1) console and (2) web management interfaces, which allows remote attackers to bypass authentication and gain administrative access via direct requests.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2007-02-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T12:43:22.417Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://wiki.jboss.org/wiki/Wiki.jsp?page=SecureJBoss"
              },
              {
                "name": "1017677",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1017677"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://wiki.jboss.org/wiki/Wiki.jsp?page=SecureTheJmxConsole"
              },
              {
                "name": "jboss-admin-unauth-access(32596)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32596"
              },
              {
                "name": "VU#632656",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/632656"
              },
              {
                "name": "20070220 Jboss vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/460597/100/0/threaded"
              },
              {
                "name": "33744",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/33744"
              },
              {
                "name": "20070220 Re: Jboss vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/460605/100/0/threaded"
              },
              {
                "name": "20070220 Re: Jboss vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/460695/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-02-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The default configuration of JBoss does not restrict access to the (1) console and (2) web management interfaces, which allows remote attackers to bypass authentication and gain administrative access via direct requests."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://wiki.jboss.org/wiki/Wiki.jsp?page=SecureJBoss"
            },
            {
              "name": "1017677",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1017677"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://wiki.jboss.org/wiki/Wiki.jsp?page=SecureTheJmxConsole"
            },
            {
              "name": "jboss-admin-unauth-access(32596)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32596"
            },
            {
              "name": "VU#632656",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/632656"
            },
            {
              "name": "20070220 Jboss vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/460597/100/0/threaded"
            },
            {
              "name": "33744",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/33744"
            },
            {
              "name": "20070220 Re: Jboss vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/460605/100/0/threaded"
            },
            {
              "name": "20070220 Re: Jboss vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/460695/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-1036",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The default configuration of JBoss does not restrict access to the (1) console and (2) web management interfaces, which allows remote attackers to bypass authentication and gain administrative access via direct requests."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://wiki.jboss.org/wiki/Wiki.jsp?page=SecureJBoss",
                  "refsource": "MISC",
                  "url": "http://wiki.jboss.org/wiki/Wiki.jsp?page=SecureJBoss"
                },
                {
                  "name": "1017677",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1017677"
                },
                {
                  "name": "http://wiki.jboss.org/wiki/Wiki.jsp?page=SecureTheJmxConsole",
                  "refsource": "MISC",
                  "url": "http://wiki.jboss.org/wiki/Wiki.jsp?page=SecureTheJmxConsole"
                },
                {
                  "name": "jboss-admin-unauth-access(32596)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32596"
                },
                {
                  "name": "VU#632656",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/632656"
                },
                {
                  "name": "20070220 Jboss vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/460597/100/0/threaded"
                },
                {
                  "name": "33744",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/33744"
                },
                {
                  "name": "20070220 Re: Jboss vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/460605/100/0/threaded"
                },
                {
                  "name": "20070220 Re: Jboss vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/460695/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-1036",
        "datePublished": "2007-02-21T11:00:00.000Z",
        "dateReserved": "2007-02-20T00:00:00.000Z",
        "dateUpdated": "2024-08-07T12:43:22.417Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-5750 (GCVE-0-2006-5750)

    Vulnerability from cvelistv5 – Published: 2006-11-27 20:00 – Updated: 2024-08-07 20:04
    VLAI
    Summary
    Directory traversal vulnerability in the DeploymentFileRepository class in JBoss Application Server (jbossas) 3.2.4 through 4.0.5 allows remote authenticated users to read or modify arbitrary files, and possibly execute arbitrary code, via unspecified vectors related to the console manager.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/23984 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2008/1155… vdb-entryx_refsource_VUPEN
    http://h20000.www2.hp.com/bizsupport/TechSupport/… vendor-advisoryx_refsource_HP
    http://www.redhat.com/support/errata/RHSA-2006-07… vendor-advisoryx_refsource_REDHAT
    http://www.osvdb.org/30767 vdb-entryx_refsource_OSVDB
    http://www.securityfocus.com/bid/21219 vdb-entryx_refsource_BID
    http://www.vupen.com/english/advisories/2006/4724 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/23095 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/29726 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/archive/1/452862/100… mailing-listx_refsource_BUGTRAQ
    http://jira.jboss.com/jira/browse/ASPATCH-126 x_refsource_CONFIRM
    https://secure-support.novell.com/KanisaPlatform/… x_refsource_CONFIRM
    http://securitytracker.com/id?1017289 vdb-entryx_refsource_SECTRACK
    http://www.novell.com/linux/security/advisories/2… vendor-advisoryx_refsource_SUSE
    http://www.vupen.com/english/advisories/2007/0554 vdb-entryx_refsource_VUPEN
    http://www.vupen.com/english/advisories/2006/4726 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/24104 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/archive/1/452830/100… mailing-listx_refsource_BUGTRAQ
    http://jira.jboss.com/jira/browse/JBAS-3861 x_refsource_CONFIRM
    Date Public
    2006-11-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T20:04:54.589Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "23984",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/23984"
              },
              {
                "name": "ADV-2008-1155",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/1155/references"
              },
              {
                "name": "SSRT080018",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402"
              },
              {
                "name": "RHSA-2006:0743",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2006-0743.html"
              },
              {
                "name": "30767",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/30767"
              },
              {
                "name": "21219",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/21219"
              },
              {
                "name": "ADV-2006-4724",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/4724"
              },
              {
                "name": "23095",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/23095"
              },
              {
                "name": "HPSBST02318",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402"
              },
              {
                "name": "29726",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29726"
              },
              {
                "name": "20061128 Re: SYMSA-2006-011: JBoss Java Class DeploymentFileRepository Directory Traversal",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/452862/100/100/threaded"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://jira.jboss.com/jira/browse/ASPATCH-126"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://secure-support.novell.com/KanisaPlatform/Publishing/719/3024921_f.SAL_Public.html"
              },
              {
                "name": "1017289",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1017289"
              },
              {
                "name": "SUSE-SR:2007:002",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/linux/security/advisories/2007_02_sr.html"
              },
              {
                "name": "ADV-2007-0554",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/0554"
              },
              {
                "name": "ADV-2006-4726",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/4726"
              },
              {
                "name": "24104",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24104"
              },
              {
                "name": "20061127 SYMSA-2006-011: JBoss Java Class DeploymentFileRepository Directory Traversal",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/452830/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://jira.jboss.com/jira/browse/JBAS-3861"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-11-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in the DeploymentFileRepository class in JBoss Application Server (jbossas) 3.2.4 through 4.0.5 allows remote authenticated users to read or modify arbitrary files, and possibly execute arbitrary code, via unspecified vectors related to the console manager."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-17T20:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "23984",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/23984"
            },
            {
              "name": "ADV-2008-1155",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/1155/references"
            },
            {
              "name": "SSRT080018",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402"
            },
            {
              "name": "RHSA-2006:0743",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2006-0743.html"
            },
            {
              "name": "30767",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/30767"
            },
            {
              "name": "21219",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/21219"
            },
            {
              "name": "ADV-2006-4724",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/4724"
            },
            {
              "name": "23095",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/23095"
            },
            {
              "name": "HPSBST02318",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402"
            },
            {
              "name": "29726",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29726"
            },
            {
              "name": "20061128 Re: SYMSA-2006-011: JBoss Java Class DeploymentFileRepository Directory Traversal",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/452862/100/100/threaded"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://jira.jboss.com/jira/browse/ASPATCH-126"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://secure-support.novell.com/KanisaPlatform/Publishing/719/3024921_f.SAL_Public.html"
            },
            {
              "name": "1017289",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1017289"
            },
            {
              "name": "SUSE-SR:2007:002",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://www.novell.com/linux/security/advisories/2007_02_sr.html"
            },
            {
              "name": "ADV-2007-0554",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/0554"
            },
            {
              "name": "ADV-2006-4726",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/4726"
            },
            {
              "name": "24104",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24104"
            },
            {
              "name": "20061127 SYMSA-2006-011: JBoss Java Class DeploymentFileRepository Directory Traversal",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/452830/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://jira.jboss.com/jira/browse/JBAS-3861"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2006-5750",
        "datePublished": "2006-11-27T20:00:00.000Z",
        "dateReserved": "2006-11-06T00:00:00.000Z",
        "dateUpdated": "2024-08-07T20:04:54.589Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }