Vulnerability Details : CVE-2006-5750
Directory traversal vulnerability in the DeploymentFileRepository class in JBoss Application Server (jbossas) 3.2.4 through 4.0.5 allows remote authenticated users to read or modify arbitrary files, and possibly execute arbitrary code, via unspecified vectors related to the console manager.
Vulnerability category: Directory traversal, Execute code
Products affected by CVE-2006-5750
- cpe:2.3:a:jboss:jboss_application_server:4.0.0_final:*:*:*:*:*:*:*
- cpe:2.3:a:jboss:jboss_application_server:4.0.1_final:*:*:*:*:*:*:*
- cpe:2.3:a:jboss:jboss_application_server:4.0.1_sp1:*:*:*:*:*:*:*
- cpe:2.3:a:jboss:jboss_application_server:4.0.2_final:*:*:*:*:*:*:*
- cpe:2.3:a:jboss:jboss_application_server:3.2.5_final:*:*:*:*:*:*:*
- cpe:2.3:a:jboss:jboss_application_server:3.2.6_final:*:*:*:*:*:*:*
- cpe:2.3:a:jboss:jboss_application_server:3.2.7_final:*:*:*:*:*:*:*
- cpe:2.3:a:jboss:jboss_application_server:4.0.3_final:*:*:*:*:*:*:*
- cpe:2.3:a:jboss:jboss_application_server:4.0.4.ga:*:*:*:*:*:*:*
- cpe:2.3:a:jboss:jboss_application_server:3.2.8.sp1:*:*:*:*:*:*:*
- cpe:2.3:a:jboss:jboss_application_server:3.2.8_final:*:*:*:*:*:*:*
- cpe:2.3:a:jboss:jboss_application_server:4.0.5.ga:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-5750
- 43.23%: Probability of exploitation activity in the next 30 days
- ~ 97%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2006-5750
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
References for CVE-2006-5750
- http://www.novell.com/linux/security/advisories/2007_02_sr.html
- http://securitytracker.com/id?1017289
- http://www.vupen.com/english/advisories/2007/0554
- http://www.vupen.com/english/advisories/2006/4724
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402
- http://jira.jboss.com/jira/browse/ASPATCH-126
- https://secure-support.novell.com/KanisaPlatform/Publishing/719/3024921_f.SAL_Public.html
- http://www.securityfocus.com/archive/1/452830/100/0/threaded
- http://www.redhat.com/support/errata/RHSA-2006-0743.html (Patch)
- http://www.vupen.com/english/advisories/2006/4726
- http://www.securityfocus.com/bid/21219 (Patch)
- http://jira.jboss.com/jira/browse/JBAS-3861
- http://www.securityfocus.com/archive/1/452862/100/100/threaded
- http://www.vupen.com/english/advisories/2008/1155/references