JBoss Java Class DeploymentFileRepository Directory Traversal Vulnerability
BID:21219
Info
| Bugtraq ID: | 21219 |
| Class: | Input Validation Error |
| CVE: | CVE-2006-5750 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 27 2006 12:00AM |
| Updated: | May 10 2010 10:22AM |
| Credit: | Oliver Karow <[email protected]> is credited with the discovery of this vulnerability. |
| Vulnerable: | S.u.S.E. Novell Linux POS 9; S.u.S.E. Linux Professional 9.3 x86_64; S.u.S.E. Linux Professional 9.3; S.u.S.E. Linux Professional 10.1; S.u.S.E. Linux Personal 9.3 x86_64; S.u.S.E. Linux Personal 9.3; S.u.S.E. Linux Personal 10.1; Redhat Enterprise Linux ES 4; Redhat Enterprise Linux AS 4; Novell Identity Manager 3.0.1 SP1; Novell Identity Manager 3.0.1; Novell Identity Manager 3.0; JBoss Group JBoss Web Server 1.0 GA; HP Storage Essentials SRM Standard 6.0; HP Storage Essentials SRM Standard 0; HP Storage Essentials SRM Enterprise 6.0; HP Storage Essentials SRM Enterprise 0 |
| Not Vulnerable: | |
Discussion
JBoss is prone to a directory-traversal vulnerability because the application fails to properly sanitize user-supplied input.
An attacker can exploit this vulnerability to read, create, delete, and overwrite arbitrary files on the vulnerable system in the context of the affected application. Successful exploits can result in a compromise of vulnerable applications.
JBoss Web Server 1.0.0.GA is vulnerable to this issue. Other applications that use the affected JBoss Java class may also be affected.
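The defect described above is a file-repository operation that builds a filesystem path from caller-supplied folder, name and extension strings without confining the result to the repository's base directory. The following is an added illustration of the corresponding mitigation, not code from JBoss or from the advisory: a small repository class that validates each path component, canonicalizes the resolved path, and refuses anything that ends up outside the base directory. The class name `ConfinedFileRepository`, its `resolve` method and the single-component `folder` argument are assumptions for the example.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

/** Hypothetical repository that only ever hands out files inside one base directory. */
public class ConfinedFileRepository {
    private final Path base;

    public ConfinedFileRepository(File baseDir) throws IOException {
        // Canonicalize once so symlinks and ".." inside the base path itself are resolved.
        this.base = baseDir.getCanonicalFile().toPath();
    }

    /**
     * Resolves base/folder/name+ext and rejects any input that would escape the base.
     * folder and name are treated as single path components (an assumption of this example).
     */
    public File resolve(String folder, String name, String ext) throws IOException {
        // Syntactic check first: no separators, no traversal, no NUL, no empty component.
        for (String part : new String[] {folder, name}) {
            if (part == null || part.isEmpty() || part.contains("/") || part.contains("\\")
                    || part.contains("..") || part.indexOf('\0') >= 0) {
                throw new IllegalArgumentException("invalid path component: " + part);
            }
        }
        if (ext == null || ext.contains("/") || ext.contains("\\") || ext.contains("..")
                || ext.indexOf('\0') >= 0) {
            throw new IllegalArgumentException("invalid extension: " + ext);
        }

        File candidate = new File(new File(base.toFile(), folder), name + ext);

        // Semantic check second: canonicalize (follows symlinks) and compare component-wise,
        // so a base of /repo does not accidentally accept /repo-evil/x.
        Path canonical = candidate.getCanonicalFile().toPath();
        if (!canonical.startsWith(base)) {
            throw new SecurityException("path escapes repository: " + canonical);
        }
        return canonical.toFile();
    }

    public static void main(String[] args) throws IOException {
        File tmp = Files.createTempDirectory("repo").toFile();
        ConfinedFileRepository repo = new ConfinedFileRepository(tmp);

        // Well-formed request: resolved to a file under the temporary base directory.
        System.out.println("ok: " + repo.resolve("deploy", "app", ".war"));

        // Traversal attempt in the folder component: rejected before the filesystem is touched.
        try {
            repo.resolve("../../etc", "passwd", "");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The two checks are deliberately redundant: the syntactic check gives a clear error for obviously bad input, while the canonical-path comparison is the one that actually holds if a later change relaxes the component rules, because it is evaluated on the path the filesystem will really open.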
Exploit / POC
A Metasploit exploit module is available.
Solution / Fix
Solution:
The vendor has released a fix. Please see the references for more information.
JBoss Group JBoss Web Server 1.0 GA
- JBoss Group JBoss Patch: http://jira.jboss.com/jira/browse/ASPATCH-126
References
References:
- JBoss Application Server Security Vulnerability Notice (Novell)
- JBoss Community Homepage (JBoss Group)
- Redhat Advisory: RHSA-2006:0743-3 (Redhat)
- SecureJBoss Download (JBoss)