Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-5518: Path Traversal in Apache Geronimo

CWE-22: Path Traversal | 6 documents | 5 sources
Severity: 9.4 CRITICAL (NVD)
EPSS: 10.8% (top 6.64%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline
Published: Apr 17
Latest update: May 14

Description

Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet); the (5) createDB parameter to console/portal/Embedded DB/DB Manager (aka the Embedded DB/DB Manager portlet

CVSS vector

AV:N/AC:L/C:C/I:C/A:N
Exploitability: 10.0 | Impact: 9.2

Affected Packages (1 package)

NVD: apache/geronimo, 4 versions +3

Patches

🔴 Vulnerability Details (3)

GHSA: Apache Geronimo Application Server multiple directory traversal vulnerabilities (2022-05-14)
OSV: Apache Geronimo Application Server multiple directory traversal vulnerabilities (2022-05-14)
CVEList: CVE-2008-5518: Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2 (2009-04-17)

💥 Exploits & PoCs (2)

Exploit-DB: Apache Geronimo 2.1.3 - Multiple Directory Traversal Vulnerabilities (2009-04-16)
Exploit-DB: Microsoft Windows XP SP2 - 'win32k.sys' Local Privilege Escalation (MS08-025) (2008-04-28)
CVE-2008-5518 — Path Traversal in Apache Geronimo | cvebase