CVE-2009-0039

Name of the Vulnerable Software and Affected Versions Apache Geronimo Application Server versions 2.1 through 2.1.3

Description The issue affects the web administration console, where multiple cross-site request forgery (CSRF) vulnerabilities allow remote attackers to hijack the authentication of administrators. This can lead to unauthorized actions such as changing the web administration password, uploading applications, and performing other administrative tasks, including shutting down the server via a Shutdown request to the console/portal//Server/Shutdown endpoint.

Recommendations For Apache Geronimo Application Server versions 2.1 through 2.1.3, consider disabling access to the web administration console until a fix is available to prevent potential CSRF attacks. Restrict access to administrative actions, such as changing passwords and uploading applications, to minimize the risk of exploitation. Avoid using the console/portal//Server/Shutdown endpoint for shutdown requests until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.