PT-2006-6437 · Red Hat · Jboss Application Server

Published

2006-11-27

Updated

2018-10-17

CVE-2006-5750

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: JBoss Application Server versions 3.2.4 through 4.0.5

Description: A directory traversal issue in the DeploymentFileRepository class allows remote authenticated users to access, modify, or potentially execute arbitrary files via unspecified vectors related to the console manager.

Recommendations: For JBoss Application Server versions 3.2.4 through 4.0.5, consider restricting access to the DeploymentFileRepository class until a fix is available. As a temporary workaround, limit the privileges of remote authenticated users to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-5750

RHSA-2006:0743

Affected Products

Jboss Application Server

PT-2006-6437 · Red Hat · Jboss Application Server

CVE-2006-5750

Related Identifiers

Affected Products

References · 21