Vulnerabilities > CVE-2006-5750 - Unspecified vulnerability in Jboss Application Server
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN jboss
nessus
Summary
Directory traversal vulnerability in the DeploymentFileRepository class in JBoss Application Server (jbossas) 3.2.4 through 4.0.5 allows remote authenticated users to read or modify arbitrary files, and possibly execute arbitrary code, via unspecified vectors related to the console manager.
Vulnerable Configurations
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_JBOSS4-2304.NASL description This update fixes a problem in the JBOSS server where it was possible to potentially execute code if the console manager was enabled. (CVE-2006-5750) last seen 2020-06-01 modified 2020-06-02 plugin id 27282 published 2007-10-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27282 title openSUSE 10 Security Update : jboss4 (jboss4-2304) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update jboss4-2304. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(27282); script_version ("1.14"); script_cvs_date("Date: 2019/10/25 13:36:28"); script_cve_id("CVE-2006-5750"); script_name(english:"openSUSE 10 Security Update : jboss4 (jboss4-2304)"); script_summary(english:"Check for the jboss4-2304 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update fixes a problem in the JBOSS server where it was possible to potentially execute code if the console manager was enabled. (CVE-2006-5750)" ); script_set_attribute( attribute:"solution", value:"Update the affected jboss4 package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:jboss4"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.1"); script_set_attribute(attribute:"patch_publication_date", value:"2006/11/26"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/17"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE10\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.1", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if ( rpm_check(release:"SUSE10.1", reference:"jboss4-4.0.3SP1-11.2") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "jboss4"); }
NASL family SuSE Local Security Checks NASL id SUSE_JBOSS-2309.NASL description This update fixes a problem in the JBOSS server where it was possible to potentially execute code if the console manager was enabled. (CVE-2006-5750) last seen 2020-06-01 modified 2020-06-02 plugin id 27281 published 2007-10-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27281 title openSUSE 10 Security Update : jboss (jboss-2309) NASL family CGI abuses NASL id JBOSS_DEPLOYMENTFILEREPOSITORY_DIR_TRAVERSAL.NASL description The remote web server appears to be a version of JBoss that fails to sanitize user-supplied input to the BaseDir parameter used by the last seen 2020-06-01 modified 2020-06-02 plugin id 23843 published 2006-12-14 reporter This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/23843 title JBoss Application Server (jbossas) JMX Console DeploymentFileRepository Traversal Arbitrary File Manipulation
Packetstorm
data source | https://packetstormsecurity.com/files/download/89294/jboss_deploymentfilerepository.rb.txt |
id | PACKETSTORM:89294 |
last seen | 2016-12-05 |
published | 2010-05-08 |
reporter | MC |
source | https://packetstormsecurity.com/files/89294/JBoss-Java-Class-DeploymentFileRepository-Directory-Traversal.html |
title | JBoss Java Class DeploymentFileRepository Directory Traversal |
Redhat
advisories |
| ||||
rpms | jbossas-0:4.0.4-1.el4s1.25 |
Seebug
bulletinFamily | exploit |
description | BUGTRAQ ID: 21219 CVE ID: CVE-2006-5750 Jboss是非常流行的开源J2EE应用服务器。 JBoss应用服务器的DeploymentFileRepository类没有正确地过滤用户提供输入,通过认证的远程用户可以通过向默认监听于 8080端口上的控制台管理器提交恶意请求执行目录遍历攻击,导致读取、删除、覆盖或修改任意文件,最终可以在系统上执行任意命令。 JBoss Group JBoss Application Server 4.0.4 厂商补丁: RedHat ------ RedHat已经为此发布了一个安全公告(RHSA-2006:0743-01)以及相应补丁: RHSA-2006:0743-01:Critical: jbossas security update 链接:https://rhn.redhat.com/errata/RHSA-2006-0743.html JBoss Group ----------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://jira.jboss.com/jira/browse/ASPATCH-126 |
id | SSV:19811 |
last seen | 2017-11-19 |
modified | 2010-06-18 |
published | 2010-06-18 |
reporter | Root |
title | JBoss应用服务器DeploymentFileRepository类目录遍历漏洞 |
References
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402
- http://jira.jboss.com/jira/browse/ASPATCH-126
- http://jira.jboss.com/jira/browse/ASPATCH-126
- http://jira.jboss.com/jira/browse/JBAS-3861
- http://jira.jboss.com/jira/browse/JBAS-3861
- http://secunia.com/advisories/23095
- http://secunia.com/advisories/23095
- http://secunia.com/advisories/23984
- http://secunia.com/advisories/23984
- http://secunia.com/advisories/24104
- http://secunia.com/advisories/24104
- http://secunia.com/advisories/29726
- http://secunia.com/advisories/29726
- http://securitytracker.com/id?1017289
- http://securitytracker.com/id?1017289
- http://www.novell.com/linux/security/advisories/2007_02_sr.html
- http://www.novell.com/linux/security/advisories/2007_02_sr.html
- http://www.osvdb.org/30767
- http://www.osvdb.org/30767
- http://www.redhat.com/support/errata/RHSA-2006-0743.html
- http://www.redhat.com/support/errata/RHSA-2006-0743.html
- http://www.securityfocus.com/archive/1/452830/100/0/threaded
- http://www.securityfocus.com/archive/1/452830/100/0/threaded
- http://www.securityfocus.com/archive/1/452862/100/100/threaded
- http://www.securityfocus.com/archive/1/452862/100/100/threaded
- http://www.securityfocus.com/bid/21219
- http://www.securityfocus.com/bid/21219
- http://www.vupen.com/english/advisories/2006/4724
- http://www.vupen.com/english/advisories/2006/4724
- http://www.vupen.com/english/advisories/2006/4726
- http://www.vupen.com/english/advisories/2006/4726
- http://www.vupen.com/english/advisories/2007/0554
- http://www.vupen.com/english/advisories/2007/0554
- http://www.vupen.com/english/advisories/2008/1155/references
- http://www.vupen.com/english/advisories/2008/1155/references
- https://secure-support.novell.com/KanisaPlatform/Publishing/719/3024921_f.SAL_Public.html
- https://secure-support.novell.com/KanisaPlatform/Publishing/719/3024921_f.SAL_Public.html