CVE-2006-5750
Published 2006-11-27
Priority: P3 (43) · Severity: high · CVSS 2.0: 7.5
CVSS vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 13.51% (96.0th percentile)
Directory traversal vulnerability in the DeploymentFileRepository class in JBoss Application Server (jbossas) 3.2.4 through 4.0.5 allows remote authenticated users to read or modify arbitrary files, and possibly execute arbitrary code, via unspecified vectors related to the console manager.
Affected
12 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jboss | jboss_application_server | — | — |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vendor_redhat | — | 7.5 | HIGH | — |
VulDB
JBoss JBoss Application Server up to 3.2.4 memory corruption (Nessus ID 27282 / ID 115470)
vuldb·2026-04-29·CVSS 7.5
A vulnerability labeled as critical has been found in JBoss JBoss Application Server up to 3.2.4. Impacted is an unknown function. The manipulation results in memory corruption.
This vulnerability is identified as CVE-2006-5750. The attack can be executed remotely. Additionally, an exploit exists.
The affected component should be upgraded.
GHSA
GHSA-w88w-qrrp-j36h: Directory traversal vulnerability in the DeploymentFileRepository class in JBoss Application Server (jbossas) 3
ghsa_unreviewed·2022-05-01
Directory traversal vulnerability in the DeploymentFileRepository class in JBoss Application Server (jbossas) 3.2.4 through 4.0.5 allows remote authenticated users to read or modify arbitrary files, and possibly execute arbitrary code, via unspecified vectors related to the console manager.
Red Hat
security flaw
vendor_redhat·2006-11-27·CVSS 7.5
Directory traversal vulnerability in the DeploymentFileRepository class in JBoss Application Server (jbossas) 3.2.4 through 4.0.5 allows remote authenticated users to read or modify arbitrary files, and possibly execute arbitrary code, via unspecified vectors related to the console manager.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2006-5750 security flaw
bugzilla·2018-08-16·CVSS 7.5
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
Directory traversal vulnerability in the DeploymentFileRepository class in JBoss Application Server (jbossas) 3.2.4 through 4.0.5 allows remote authenticated users to read or modify arbitrary files, and possibly execute arbitrary code, via unspecified vectors related to the console manager.
Bugzilla
CVE-2006-5750 JBoss Java Class DeploymentFileRepository Directory Traversal
bugzilla·2006-11-15·CVSS 7.5
Reported by Symantec:

From JBoss Documentation: "This class wraps the file system for deployments. It gives a file-based persistence mechanism for deployments. Used by web-console to store -service.xml files, -ds.xml files, etc..., really anything text based. Deployments are tied to a specific name and that name corresponds to the base file name."

The class can be abused to create files outside of the application root directory. The method setBaseDir() of the class org.jboss.console.manager.DeploymentFileRepository does not check if the basedir is set to a directory outside of the application root directory via directory traversal. In conjunction with the usage of the methods store() and remove(), it is possibl
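The report above describes the root cause as a base-directory setter that never checks whether the resulting path still lies inside the application root, with file-writing and file-deleting methods then operating relative to it. The following is an added example, not JBoss's DeploymentFileRepository and not code from any of the sources quoted on this page; the class name, method names and the containment helper are hypothetical. It shows the unchecked setter beside a hardened one that canonicalizes the path and refuses anything outside the root, and it applies the same containment check to every per-file name so that a traversal sequence in a deployment name is rejected even when the base directory itself is legitimate.

```java
import java.io.File;
import java.io.IOException;

/**
 * Hypothetical minimal deployment file repository (added example, not JBoss code).
 * The application root is fixed at construction time; every path derived from
 * caller-controlled input is canonicalized and checked for containment.
 */
public class SafeDeploymentFileRepository {
    private final File applicationRoot;
    private File baseDir;

    public SafeDeploymentFileRepository(File applicationRoot) throws IOException {
        // Canonical form resolves "..", "." and symlinks once, so later prefix
        // comparisons are meaningful.
        this.applicationRoot = applicationRoot.getCanonicalFile();
        this.baseDir = this.applicationRoot;
    }

    /** The unchecked pattern the report describes: any relative path is accepted. */
    public void setBaseDirUnchecked(String dir) {
        this.baseDir = new File(applicationRoot, dir);
    }

    /** Hardened setter: canonicalize, then require the result to stay under the root. */
    public void setBaseDir(String dir) throws IOException {
        File candidate = new File(applicationRoot, dir).getCanonicalFile();
        if (!isInside(applicationRoot, candidate)) {
            throw new IllegalArgumentException("base directory escapes application root: " + dir);
        }
        this.baseDir = candidate;
    }

    /**
     * Resolve a deployment name to a file, applying the containment check again.
     * Both a store and a remove operation would go through this method.
     */
    public File resolve(String name) throws IOException {
        File target = new File(baseDir, name).getCanonicalFile();
        if (!isInside(baseDir, target)) {
            throw new IllegalArgumentException("deployment name escapes base directory: " + name);
        }
        return target;
    }

    /**
     * True if candidate equals root or lies below it. The trailing separator
     * prevents "/app-root2" from matching a root of "/app-root".
     */
    static boolean isInside(File root, File candidate) {
        String rootPath = root.getPath();
        String rootPrefix = rootPath.endsWith(File.separator) ? rootPath : rootPath + File.separator;
        String candidatePath = candidate.getPath();
        return candidatePath.equals(rootPath) || candidatePath.startsWith(rootPrefix);
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample root under the JVM temp directory.
        File root = new File(System.getProperty("java.io.tmpdir"), "safe-repo-example");
        root.mkdirs();
        SafeDeploymentFileRepository repo = new SafeDeploymentFileRepository(root);

        repo.setBaseDir("deploy");                      // accepted: stays under root
        System.out.println("base dir: " + repo.baseDir);

        try {
            repo.setBaseDir("../../outside");           // rejected by containment check
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }

        try {
            repo.resolve("../escaped-service.xml");     // rejected even with a valid base dir
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }

        System.out.println("resolved: " + repo.resolve("my-service.xml"));
    }
}
```

Two design points worth noting: the check is done on canonical paths rather than on the raw string, so encoded or repeated separators and symlinked directories do not bypass it, and it is repeated at the point of use rather than only in the setter, since a repository whose base directory is trusted can still be handed a traversal sequence in the per-file name.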
References

- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402
- http://jira.jboss.com/jira/browse/ASPATCH-126
- http://jira.jboss.com/jira/browse/JBAS-3861
- http://secunia.com/advisories/23095
- http://secunia.com/advisories/23984
- http://secunia.com/advisories/24104
- http://secunia.com/advisories/29726
- http://securitytracker.com/id?1017289
- http://www.novell.com/linux/security/advisories/2007_02_sr.html
- http://www.osvdb.org/30767
- http://www.redhat.com/support/errata/RHSA-2006-0743.html
- http://www.securityfocus.com/archive/1/452830/100/0/threaded
- http://www.securityfocus.com/archive/1/452862/100/100/threaded
- http://www.securityfocus.com/bid/21219
- http://www.vupen.com/english/advisories/2006/4724
- http://www.vupen.com/english/advisories/2006/4726
- http://www.vupen.com/english/advisories/2007/0554
- http://www.vupen.com/english/advisories/2008/1155/references
- https://secure-support.novell.com/KanisaPlatform/Publishing/719/3024921_f.SAL_Public.html