[ https://issues.apache.org/jira/browse/GERONIMO-4597?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Rex Wang closed GERONIMO-4597.
------------------------------
closing it
> Validate Web Admin Console input - address admin console security
> vulnerabilities
> ---------------------------------------------------------------------------------
>
> Key: GERONIMO-4597
> URL: https://issues.apache.org/jira/browse/GERONIMO-4597
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: console
> Affects Versions: 2.1, 2.1.1, 2.1.2, 2.1.3
> Reporter: Joe Bohn
> Assignee: Joe Bohn
> Fix For: 2.1.4, 2.1.5, 2.2
>
> Attachments: G4597_branch_20.patch
>
>
> This JIRA addresses the following security vulnerabilities in the web admin
> console:
>
> CVE-2008-5518: Apache Geronimo web administration console directory traversal
> vulnerabilities.
>
> A vulnerability was found in several portlets including Services/Repository,
> Embedded DB/DB Manager, and Security/Keystores when running the Apache
> Geronimo server on Windows. This issue may allow a remote attacker to upload
> any file in any directory. This affects all full JavaEE Geronimo assemblies
> or other distributions which include the administration web console up to and
> including Apache Geronimo 2.1.3. An alternative workaround (if you choose to
> not upgrade to Apache Geronimo 2.1.4) would be to stop or undeploy the
> administration web console application in the server.
>
> Credit: The Apache Geronimo project would like to thank Digital Security
> Research Group (dsecrg.com) for responsibly reporting this issue and
> assisting us with validating our fixes.
>
> CVE-2009-0038: Apache Geronimo web administration console XSS vulnerabilities
>
> Various linked and stored cross-site scripting (XSS) vulnerabilities were
> found in the Apache Geronimo administrative console and related utilities.
> Using this vulnerability an attacker can steal an administrator's cookie and
> then authenticate as administrator or perform certain administrative actions.
> For example, a user can inject XSS in some URLs or in several input fields in
> various portlets. This affects all full JavaEE Geronimo assemblies or other
> distributions which include the administration web console up to and
> including Apache Geronimo 2.1.3. An alternative workaround (if you choose to
> not upgrade to Apache Geronimo 2.1.4) would be to stop or undeploy the
> administration web console application in the server.
>
> Credit: The Apache Geronimo project would like to thank Digital Security
> Research Group (dsecrg.com) and Marc Schoenefeld (Red Hat Security Response
> Team) for responsibly reporting this issue and assisting us with validating
> our fixes.
>
> CVE-2009-0039: Apache Geronimo web administration console XSRF vulnerabilities
>
> Various cross-site request forgery (XSRF or CSRF) vulnerabilities were
> identified in the Apache Geronimo web administration console. Exploiting
> these issues may allow a remote attacker to perform certain administrative
> actions, e.g. change web administration password, upload applications, etc.,
> using predictable URL requests once the user has authenticated and obtained a
> valid session with the server. This affects all full JavaEE Geronimo
> assemblies or other distributions which include the administration web
> console up to and including Apache Geronimo 2.1.3. An alternative workaround
> (if you choose to not upgrade to Apache Geronimo 2.1.4) would be to stop or
> undeploy the administration web console application in the server.
>
> Credit: The Apache Geronimo project would like to thank Digital Security
> Research Group (dsecrg.com) for responsibly reporting this issue and
> assisting us with validating our fixes.
>
> It corrects the issues with the addition of directory checks and a servlet
> filter to check for XSS and XSRF vulnerabilities.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
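The issue description above names the shape of the fix (directory checks plus a servlet filter for XSS and XSRF) without showing it. The following servlet filter is an added illustration written for this page, not the patch attached to GERONIMO-4597 and not Geronimo console code. It shows the three checks a practitioner would expect behind that description: a canonical-path check so an upload target cannot escape a base directory (the CVE-2008-5518 class, including Windows backslash and drive-letter forms, because the check runs on the canonicalised path rather than on the raw string), a per-session synchronizer token required on every state-changing request (the CVE-2009-0039 class), and an HTML escaper for untrusted values that portlets echo back (the CVE-2009-0038 class). The parameter names `path` and `csrfToken`, the session attribute name, the `baseDir` init-param and the `javax.servlet` API version are assumptions for the example.

```java
import java.io.File;
import java.io.IOException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 * Illustrative guard filter (example code, not Geronimo's actual fix).
 * Names of parameters, attributes and the init-param are assumptions.
 */
public class ConsoleGuardFilter implements Filter {
    static final String TOKEN_ATTR = "console.csrf.token"; // assumed session attribute
    static final String TOKEN_PARAM = "csrfToken";         // assumed request parameter
    static final String PATH_PARAM = "path";               // assumed upload-target parameter
    private static final SecureRandom RNG = new SecureRandom();

    private File baseDir; // every file path supplied by a client must resolve below this

    public void init(FilterConfig cfg) throws ServletException {
        String base = cfg.getInitParameter("baseDir"); // assumed init-param
        if (base == null) throw new ServletException("baseDir init-param required");
        baseDir = new File(base);
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest http = (HttpServletRequest) req;
        HttpServletResponse out = (HttpServletResponse) res;
        HttpSession session = http.getSession(true);

        // One unguessable token per session; forms and action links embed it.
        if (session.getAttribute(TOKEN_ATTR) == null) {
            session.setAttribute(TOKEN_ATTR, newToken());
        }

        // XSRF: a state-changing request is only honoured if it carries the
        // session's token, so a predictable URL loaded from another site fails.
        if (isStateChanging(http.getMethod())
                && !constantTimeEquals((String) session.getAttribute(TOKEN_ATTR),
                                       http.getParameter(TOKEN_PARAM))) {
            out.sendError(HttpServletResponse.SC_FORBIDDEN, "missing or invalid CSRF token");
            return;
        }

        // Directory traversal: reject any target that canonicalises outside baseDir.
        String path = http.getParameter(PATH_PARAM);
        if (path != null && !isInsideBase(baseDir, path)) {
            out.sendError(HttpServletResponse.SC_BAD_REQUEST, "path outside permitted directory");
            return;
        }
        chain.doFilter(req, res);
    }

    public void destroy() { }

    /** GET, HEAD and OPTIONS are treated as read-only; everything else needs the token. */
    static boolean isStateChanging(String method) {
        return !("GET".equals(method) || "HEAD".equals(method) || "OPTIONS".equals(method));
    }

    /**
     * Resolve the client-supplied path against base, canonicalise both (this
     * collapses "..", follows symlinks and normalises Windows separators and
     * drive letters), then require the result to sit below base.
     */
    static boolean isInsideBase(File base, String userPath) throws IOException {
        String basePath = base.getCanonicalPath() + File.separator;
        String target = new File(base, userPath).getCanonicalPath();
        return target.startsWith(basePath);
    }

    static String newToken() {
        byte[] b = new byte[32];
        RNG.nextBytes(b);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(b);
    }

    static boolean constantTimeEquals(String expected, String supplied) {
        if (expected == null || supplied == null) return false;
        return MessageDigest.isEqual(expected.getBytes(), supplied.getBytes());
    }

    /** Escape untrusted text before a portlet echoes it into HTML (the XSS side). */
    static String escapeHtml(String s) {
        StringBuilder sb = new StringBuilder(s.length());
        for (char c : s.toCharArray()) {
            switch (c) {
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '&':  sb.append("&amp;");  break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }
}
```

The filter is mapped in `web.xml` to the console's URL space with a `baseDir` init-param, and the portlets' JSPs read the token from the session attribute and emit it as a hidden field. Two caveats match the advisory's own wording: the token check only protects actions routed through this filter, so a portlet reachable by another path stays exposed, and the path check fails closed (any canonicalisation error propagates as an `IOException` rather than letting the request through). Escaping on output, as `escapeHtml` does, is the durable fix for the XSS class; a filter that merely rejects suspicious input strings is a stopgap because encodings multiply faster than deny-lists.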