CVE-2006-5750
First published: Mon Nov 27 2006(Updated: )
Directory traversal vulnerability in the DeploymentFileRepository class in JBoss Application Server (jbossas) 3.2.4 through 4.0.5 allows remote authenticated users to read or modify arbitrary files, and possibly execute arbitrary code, via unspecified vectors related to the console manager.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| JBoss Application Server | =4.0.0_final | |
| JBoss Application Server | =4.0.1_sp1 | |
| JBoss Application Server | =4.0.5.ga | |
| JBoss Application Server | =3.2.5_final | |
| JBoss Application Server | =4.0.3_final | |
| JBoss Application Server | =3.2.7_final | |
| JBoss Application Server | =3.2.8.sp1 | |
| JBoss Application Server | =4.0.2_final | |
| JBoss Application Server | =4.0.1_final | |
| JBoss Application Server | =4.0.4.ga | |
| JBoss Application Server | =3.2.6_final | |
| JBoss Application Server | =3.2.8_final | |
| Red Hat JBoss Application Server | =3.2.5_final | |
| Red Hat JBoss Application Server | =3.2.6_final | |
| Red Hat JBoss Application Server | =3.2.7_final | |
| Red Hat JBoss Application Server | =3.2.8.sp1 | |
| Red Hat JBoss Application Server | =3.2.8_final | |
| Red Hat JBoss Application Server | =4.0.0_final | |
| Red Hat JBoss Application Server | =4.0.1_final | |
| Red Hat JBoss Application Server | =4.0.1_sp1 | |
| Red Hat JBoss Application Server | =4.0.2_final | |
| Red Hat JBoss Application Server | =4.0.3_final | |
| Red Hat JBoss Application Server | =4.0.4.ga | |
| Red Hat JBoss Application Server | =4.0.5.ga |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.redhat.com/support/errata/RHSA-2006-0743.html
- http://jira.jboss.com/jira/browse/ASPATCH-126
- http://secunia.com/advisories/23095
- http://jira.jboss.com/jira/browse/JBAS-3861
- http://www.securityfocus.com/bid/21219
- http://securitytracker.com/id?1017289
- http://www.osvdb.org/30767
- https://secure-support.novell.com/KanisaPlatform/Publishing/719/3024921_f.SAL_Public.html
- http://www.novell.com/linux/security/advisories/2007_02_sr.html
- http://secunia.com/advisories/23984
- http://secunia.com/advisories/24104
- http://secunia.com/advisories/29726
- http://www.vupen.com/english/advisories/2006/4726
- http://www.vupen.com/english/advisories/2008/1155/references
- http://www.vupen.com/english/advisories/2006/4724
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402
- http://www.vupen.com/english/advisories/2007/0554
- http://www.securityfocus.com/archive/1/452862/100/100/threaded
- http://www.securityfocus.com/archive/1/452830/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2006-5750?
CVE-2006-5750 is considered a high severity vulnerability due to its potential for unauthorized file access and code execution.
How do I fix CVE-2006-5750?
To fix CVE-2006-5750, upgrade to a patched version of the JBoss Application Server as specified in security advisories.
What versions are affected by CVE-2006-5750?
CVE-2006-5750 affects JBoss Application Server versions from 3.2.4 to 4.0.5.
Who can exploit CVE-2006-5750?
CVE-2006-5750 can be exploited by remote authenticated users to gain unauthorized access to files.
What kind of access does CVE-2006-5750 allow an attacker?
CVE-2006-5750 allows attackers to read, modify, and potentially execute arbitrary files on the server.
- agent/type
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/references
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- collector/nvd-historical
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- vendor/jboss
- canonical/jboss application server
- version/jboss application server/4.0.0_final
- version/jboss application server/4.0.1_sp1
- version/jboss application server/4.0.5.ga
- version/jboss application server/3.2.5_final
- version/jboss application server/4.0.3_final
- version/jboss application server/3.2.7_final
- version/jboss application server/3.2.8.sp1
- version/jboss application server/4.0.2_final
- version/jboss application server/4.0.1_final
- version/jboss application server/4.0.4.ga
- version/jboss application server/3.2.6_final
- version/jboss application server/3.2.8_final
- canonical/red hat jboss application server
- version/red hat jboss application server/3.2.5_final
- version/red hat jboss application server/3.2.6_final
- version/red hat jboss application server/3.2.7_final
- version/red hat jboss application server/3.2.8.sp1
- version/red hat jboss application server/3.2.8_final
- version/red hat jboss application server/4.0.0_final
- version/red hat jboss application server/4.0.1_final
- version/red hat jboss application server/4.0.1_sp1
- version/red hat jboss application server/4.0.2_final
- version/red hat jboss application server/4.0.3_final
- version/red hat jboss application server/4.0.4.ga
- version/red hat jboss application server/4.0.5.ga