CVE-2009-0039
Apache Geronimo 2.1.x - Cross-Site Request Forgery (Multiple Admin Function)
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
Múltiples vulnerabilidades de falsificación de petición en sitios cruzados (CSRF) en la consola de administración web en Apache Geronimo Application Server 2.1 a 2.1.3 permite a atacantes remotos realizar acciones no autorizadas como administradores para peticiones que (1) cambian la contraseña de administración de la web, (2) suben aplicaciones y realizan otras acciones de administración no especificadas como es demuestrado por (3) una petición de apagado a console/portal//Server/Shutdown.
Apache Geronimo Application Server versions 2.1 through 2.1.3 suffer from multiple cross site request forgery vulnerabilities.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2008-12-15 CVE Reserved
- 2009-04-16 CVE Published
- 2009-04-16 First Exploit
- 2024-01-06 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-352: Cross-Site Request Forgery (CSRF)
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| http://dsecrg.com/pages/vul/show.php?id=120 | X_refsource_misc | |
| http://secunia.com/advisories/34715 | Third Party Advisory | |
| http://www.securityfocus.com/archive/1/502735/100/0/threaded | Mailing List | |
| http://www.vupen.com/english/advisories/2009/1089 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/32922 | 2009-04-16 | |
| http://www.securityfocus.com/bid/34562 | 2024-08-07 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://geronimo.apache.org/21x-security-report.html#2.1.xSecurityReport-214 | 2018-10-11 | |
| http://issues.apache.org/jira/browse/GERONIMO-4597 | 2018-10-11 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Apache Search vendor "Apache" | Geronimo Search vendor "Apache" for product "Geronimo" | 2.1 Search vendor "Apache" for product "Geronimo" and version "2.1" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Geronimo Search vendor "Apache" for product "Geronimo" | 2.1.1 Search vendor "Apache" for product "Geronimo" and version "2.1.1" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Geronimo Search vendor "Apache" for product "Geronimo" | 2.1.2 Search vendor "Apache" for product "Geronimo" and version "2.1.2" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Geronimo Search vendor "Apache" for product "Geronimo" | 2.1.3 Search vendor "Apache" for product "Geronimo" and version "2.1.3" | - |
Affected
| ||||||