// For flags

CVE-2006-5750

JBoss Java Class DeploymentFileRepository Directory Traversal

Severity Score

7.5
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Directory traversal vulnerability in the DeploymentFileRepository class in JBoss Application Server (jbossas) 3.2.4 through 4.0.5 allows remote authenticated users to read or modify arbitrary files, and possibly execute arbitrary code, via unspecified vectors related to the console manager.

Vulnerabilidad de salto de directorio en la clase JBoss Application Server (jbossas) 3.2.4 hasta 4.0.5 permite a usuarios remotos validados leer o modificar archivos y posiblemente ejecutar código de su elección, a través de vectores no especificados en el administrador de consola.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2006-11-06 CVE Reserved
  • 2006-11-27 CVE Published
  • 2023-11-08 EPSS Updated
  • 2024-08-07 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
References (21)
URL Tag Source
http://jira.jboss.com/jira/browse/ASPATCH-126 X_refsource_confirm
http://jira.jboss.com/jira/browse/JBAS-3861 X_refsource_confirm
http://secunia.com/advisories/23095 Third Party Advisory
http://secunia.com/advisories/23984 Third Party Advisory
http://secunia.com/advisories/24104 Third Party Advisory
http://secunia.com/advisories/29726 Third Party Advisory
http://securitytracker.com/id?1017289 Vdb Entry
http://www.osvdb.org/30767 Vdb Entry
http://www.securityfocus.com/archive/1/452830/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/452862/100/100/threaded Mailing List
http://www.vupen.com/english/advisories/2006/4724 Vdb Entry
http://www.vupen.com/english/advisories/2006/4726 Vdb Entry
http://www.vupen.com/english/advisories/2007/0554 Vdb Entry
http://www.vupen.com/english/advisories/2008/1155/references Vdb Entry
https://secure-support.novell.com/KanisaPlatform/Publishing/719/3024921_f.SAL_Public.html X_refsource_confirm
URL Date SRC
URL Date SRC
http://www.redhat.com/support/errata/RHSA-2006-0743.html 2018-10-17
http://www.securityfocus.com/bid/21219 2018-10-17
URL Date SRC
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402 2018-10-17
http://www.novell.com/linux/security/advisories/2007_02_sr.html 2018-10-17
https://access.redhat.com/security/cve/CVE-2006-5750 2006-11-27
https://bugzilla.redhat.com/show_bug.cgi?id=1618224 2006-11-27
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Jboss
Search vendor "Jboss"
 Jboss Application Server
Search vendor "Jboss" for product "Jboss Application Server"
 3.2.5_final
Search vendor "Jboss" for product "Jboss Application Server" and version "3.2.5_final"
-
Affected
Jboss
Search vendor "Jboss"
 Jboss Application Server
Search vendor "Jboss" for product "Jboss Application Server"
 3.2.6_final
Search vendor "Jboss" for product "Jboss Application Server" and version "3.2.6_final"
-
Affected
Jboss
Search vendor "Jboss"
 Jboss Application Server
Search vendor "Jboss" for product "Jboss Application Server"
 3.2.7_final
Search vendor "Jboss" for product "Jboss Application Server" and version "3.2.7_final"
-
Affected
Jboss
Search vendor "Jboss"
 Jboss Application Server
Search vendor "Jboss" for product "Jboss Application Server"
 3.2.8.sp1
Search vendor "Jboss" for product "Jboss Application Server" and version "3.2.8.sp1"
-
Affected
Jboss
Search vendor "Jboss"
 Jboss Application Server
Search vendor "Jboss" for product "Jboss Application Server"
 3.2.8_final
Search vendor "Jboss" for product "Jboss Application Server" and version "3.2.8_final"
-
Affected
Jboss
Search vendor "Jboss"
 Jboss Application Server
Search vendor "Jboss" for product "Jboss Application Server"
 4.0.0_final
Search vendor "Jboss" for product "Jboss Application Server" and version "4.0.0_final"
-
Affected
Jboss
Search vendor "Jboss"
 Jboss Application Server
Search vendor "Jboss" for product "Jboss Application Server"
 4.0.1_final
Search vendor "Jboss" for product "Jboss Application Server" and version "4.0.1_final"
-
Affected
Jboss
Search vendor "Jboss"
 Jboss Application Server
Search vendor "Jboss" for product "Jboss Application Server"
 4.0.1_sp1
Search vendor "Jboss" for product "Jboss Application Server" and version "4.0.1_sp1"
-
Affected
Jboss
Search vendor "Jboss"
 Jboss Application Server
Search vendor "Jboss" for product "Jboss Application Server"
 4.0.2_final
Search vendor "Jboss" for product "Jboss Application Server" and version "4.0.2_final"
-
Affected
Jboss
Search vendor "Jboss"
 Jboss Application Server
Search vendor "Jboss" for product "Jboss Application Server"
 4.0.3_final
Search vendor "Jboss" for product "Jboss Application Server" and version "4.0.3_final"
-
Affected
Jboss
Search vendor "Jboss"
 Jboss Application Server
Search vendor "Jboss" for product "Jboss Application Server"
 4.0.4.ga
Search vendor "Jboss" for product "Jboss Application Server" and version "4.0.4.ga"
-
Affected
Jboss
Search vendor "Jboss"
 Jboss Application Server
Search vendor "Jboss" for product "Jboss Application Server"
 4.0.5.ga
Search vendor "Jboss" for product "Jboss Application Server" and version "4.0.5.ga"
-
Affected