CVE-2006-5750 (GCVE-0-2006-5750)
Vulnerability from cvelistv5
Published
2006-11-27 20:00
Modified
2024-08-07 20:04
Severity ?
CWE
  • n/a
Summary
Directory traversal vulnerability in the DeploymentFileRepository class in JBoss Application Server (jbossas) 3.2.4 through 4.0.5 allows remote authenticated users to read or modify arbitrary files, and possibly execute arbitrary code, via unspecified vectors related to the console manager.
References
http://secunia.com/advisories/23984 third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2008/1155/references vdb-entry, x_refsource_VUPEN
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402 vendor-advisory, x_refsource_HP
http://www.redhat.com/support/errata/RHSA-2006-0743.html vendor-advisory, x_refsource_REDHAT
http://www.osvdb.org/30767 vdb-entry, x_refsource_OSVDB
http://www.securityfocus.com/bid/21219 vdb-entry, x_refsource_BID
http://www.vupen.com/english/advisories/2006/4724 vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/23095 third-party-advisory, x_refsource_SECUNIA
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402 vendor-advisory, x_refsource_HP
http://secunia.com/advisories/29726 third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/452862/100/100/threaded mailing-list, x_refsource_BUGTRAQ
http://jira.jboss.com/jira/browse/ASPATCH-126 x_refsource_CONFIRM
https://secure-support.novell.com/KanisaPlatform/Publishing/719/3024921_f.SAL_Public.html x_refsource_CONFIRM
http://securitytracker.com/id?1017289 vdb-entry, x_refsource_SECTRACK
http://www.novell.com/linux/security/advisories/2007_02_sr.html vendor-advisory, x_refsource_SUSE
http://www.vupen.com/english/advisories/2007/0554 vdb-entry, x_refsource_VUPEN
http://www.vupen.com/english/advisories/2006/4726 vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/24104 third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/452830/100/0/threaded mailing-list, x_refsource_BUGTRAQ
http://jira.jboss.com/jira/browse/JBAS-3861 x_refsource_CONFIRM
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T20:04:54.589Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "23984",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23984"
          },
          {
            "name": "ADV-2008-1155",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1155/references"
          },
          {
            "name": "SSRT080018",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402"
          },
          {
            "name": "RHSA-2006:0743",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2006-0743.html"
          },
          {
            "name": "30767",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/30767"
          },
          {
            "name": "21219",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/21219"
          },
          {
            "name": "ADV-2006-4724",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/4724"
          },
          {
            "name": "23095",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23095"
          },
          {
            "name": "HPSBST02318",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402"
          },
          {
            "name": "29726",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29726"
          },
          {
            "name": "20061128 Re: SYMSA-2006-011: JBoss Java Class DeploymentFileRepository Directory Traversal",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/452862/100/100/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://jira.jboss.com/jira/browse/ASPATCH-126"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://secure-support.novell.com/KanisaPlatform/Publishing/719/3024921_f.SAL_Public.html"
          },
          {
            "name": "1017289",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1017289"
          },
          {
            "name": "SUSE-SR:2007:002",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2007_02_sr.html"
          },
          {
            "name": "ADV-2007-0554",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/0554"
          },
          {
            "name": "ADV-2006-4726",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/4726"
          },
          {
            "name": "24104",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24104"
          },
          {
            "name": "20061127 SYMSA-2006-011: JBoss Java Class DeploymentFileRepository Directory Traversal",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/452830/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://jira.jboss.com/jira/browse/JBAS-3861"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-11-27T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in the DeploymentFileRepository class in JBoss Application Server (jbossas) 3.2.4 through 4.0.5 allows remote authenticated users to read or modify arbitrary files, and possibly execute arbitrary code, via unspecified vectors related to the console manager."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-17T20:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "23984",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23984"
        },
        {
          "name": "ADV-2008-1155",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1155/references"
        },
        {
          "name": "SSRT080018",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402"
        },
        {
          "name": "RHSA-2006:0743",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2006-0743.html"
        },
        {
          "name": "30767",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/30767"
        },
        {
          "name": "21219",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/21219"
        },
        {
          "name": "ADV-2006-4724",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/4724"
        },
        {
          "name": "23095",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23095"
        },
        {
          "name": "HPSBST02318",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402"
        },
        {
          "name": "29726",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29726"
        },
        {
          "name": "20061128 Re: SYMSA-2006-011: JBoss Java Class DeploymentFileRepository Directory Traversal",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/452862/100/100/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://jira.jboss.com/jira/browse/ASPATCH-126"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://secure-support.novell.com/KanisaPlatform/Publishing/719/3024921_f.SAL_Public.html"
        },
        {
          "name": "1017289",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1017289"
        },
        {
          "name": "SUSE-SR:2007:002",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2007_02_sr.html"
        },
        {
          "name": "ADV-2007-0554",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/0554"
        },
        {
          "name": "ADV-2006-4726",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/4726"
        },
        {
          "name": "24104",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24104"
        },
        {
          "name": "20061127 SYMSA-2006-011: JBoss Java Class DeploymentFileRepository Directory Traversal",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/452830/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://jira.jboss.com/jira/browse/JBAS-3861"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2006-5750",
    "datePublished": "2006-11-27T20:00:00.000Z",
    "dateReserved": "2006-11-06T00:00:00.000Z",
    "dateUpdated": "2024-08-07T20:04:54.589Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.