CVE-2006-5750
Summary
| CVE | CVE-2006-5750 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2006-11-27 20:07:00 UTC |
| Updated | 2018-10-17 21:44:00 UTC |
| Description | Directory traversal vulnerability in the DeploymentFileRepository class in JBoss Application Server (jbossas) 3.2.4 through 4.0.5 allows remote authenticated users to read or modify arbitrary files, and possibly execute arbitrary code, via unspecified vectors related to the console manager. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Jboss | Jboss Application Server | 3.2.5_final | All | All | All |
| Application | Jboss | Jboss Application Server | 3.2.6_final | All | All | All |
| Application | Jboss | Jboss Application Server | 3.2.7_final | All | All | All |
| Application | Jboss | Jboss Application Server | 3.2.8.sp1 | All | All | All |
| Application | Jboss | Jboss Application Server | 3.2.8_final | All | All | All |
| Application | Jboss | Jboss Application Server | 4.0.0_final | All | All | All |
| Application | Jboss | Jboss Application Server | 4.0.1_final | All | All | All |
| Application | Jboss | Jboss Application Server | 4.0.1_sp1 | All | All | All |
| Application | Jboss | Jboss Application Server | 4.0.2_final | All | All | All |
| Application | Jboss | Jboss Application Server | 4.0.3_final | All | All | All |
| Application | Jboss | Jboss Application Server | 4.0.4.ga | All | All | All |
| Application | Jboss | Jboss Application Server | 4.0.5.ga | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| [#JBAS-3861] DeploymentFileRepository can be used to write/remove arbitrary files in the filesystem - JBoss.org JIRA | CONFIRM | jira.jboss.com | |
| rhn.redhat.com \| Red Hat Support | REDHAT | www.redhat.com | Patch |
| Security Announcement | SUSE | www.novell.com | |
| secure-support.novell.com/KanisaPlatform/Publishing/719/3024921_f.SAL_Public.html | CONFIRM | secure-support.novell.com | |
| SecurityFocus | BUGTRAQ | www.securityfocus.com | |
| SecurityFocus | BUGTRAQ | www.securityfocus.com | |
| SUSE Update for Multiple Packages - Advisories - Secunia | SECUNIA | secunia.com | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | |
| JBoss Java Class DeploymentFileRepository Directory Traversal Vulnerability | BID | www.securityfocus.com | Patch |
| SecurityTracker.com Archives - JBoss Application Server Error in DeploymentFileRepository Class Lets Remote Users Read and Write Files | SECTRACK | securitytracker.com | |
| 30767 | OSVDB | www.osvdb.org | |
| JBoss DeploymentFileRepository Directory Traversal Vulnerability - Advisories - Secunia | SECUNIA | secunia.com | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | |
| Novell Identity Manager JBoss Directory Traversal Vulnerability - Advisories - Secunia | SECUNIA | secunia.com | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | |
| HPSBST02318 SSRT080018 rev.1 - HP Storage Essentials Software, Remote Unauthorized Access to Data - c01390402 - Centro de Soporte HP para Empresas | HP | h20000.www2.hp.com | |
| HP Storage Essentials Software Directory Traversal Vulnerability - Advisories - Secunia | SECUNIA | secunia.com | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | |
| [#ASPATCH-126] JBAS-3861: DeploymentFileRepository can be used to write/remove arbitrary files in the filesystem - jboss.org JIRA | CONFIRM | jira.jboss.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.