CVE-2008-5518
published 2009-04-17CVE-2008-5518: Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote…
PriorityP263critical9.4CVSS 2.0
AVNACLAuNCCICAN
EXPLOIT
EPSS
35.93%
98.3th percentile
Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet); the (5) createDB parameter to console/portal/Embedded DB/DB Manager (aka the Embedded DB/DB Manager portlet); or the (6) filename parameter to the createKeystore script in the Security/Keystores portlet.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | geronimo | — | — |
| apache | geronimo | — | — |
| apache | geronimo | — | — |
| apache | geronimo | — | — |
Detection & IOCsextracted from sources · hover to see the quote
url/console/portal//Security/Keystores/__pm0x3console-base0x2Keystores!824133314|0_view/__rp0x3console-base0x2Keystores!824133314|0_mode/createKeystore↗
- →Monitor HTTP requests to /console/portal//Services/Repository for directory traversal sequences in the 'group', 'artifact', 'version', or 'fileType' parameters. ↗
- →Monitor HTTP requests to /console/portal/Embedded DB/DB Manager for directory traversal sequences in the 'createDB' parameter. ↗
- →Monitor HTTP requests to the createKeystore script endpoint for directory traversal sequences in the 'filename' parameter. ↗
- →This vulnerability is Windows-specific; directory traversal file upload attacks via the Geronimo admin console only affect Windows deployments. ↗
- ·Vulnerability only affects Apache Geronimo versions 2.1 through 2.1.3 running on Windows; fixed in 2.1.4. ↗
- ·Only deployments that include the administration web console are affected; undeploying the console is a valid workaround. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
Apache Geronimo Application Server multiple directory traversal vulnerabilities
ghsa·2022-05-14
CVE-2008-5518 [HIGH] CWE-22 Apache Geronimo Application Server multiple directory traversal vulnerabilities
Apache Geronimo Application Server multiple directory traversal vulnerabilities
Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet); the (5) createDB parameter to console/portal/Embedded DB/DB Manager (aka the Embedded DB/DB Manager portlet); or the (6) filename parameter to the createKeystore script in the Security/Keystores portlet.
OSV
Apache Geronimo Application Server multiple directory traversal vulnerabilities
osv·2022-05-14
CVE-2008-5518 [HIGH] Apache Geronimo Application Server multiple directory traversal vulnerabilities
Apache Geronimo Application Server multiple directory traversal vulnerabilities
Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet); the (5) createDB parameter to console/portal/Embedded DB/DB Manager (aka the Embedded DB/DB Manager portlet); or the (6) filename parameter to the createKeystore script in the Security/Keystores portlet.
No detection rules found.
Exploit-DB
Apache Geronimo 2.1.3 - Multiple Directory Traversal Vulnerabilities
exploitdb·2009-04-16
CVE-2008-5518 Apache Geronimo 2.1.3 - Multiple Directory Traversal Vulnerabilities
Apache Geronimo 2.1.3 - Multiple Directory Traversal Vulnerabilities
---
Digital Security Research Group [DSecRG] Advisory #DSECRG-09-018
Application: Apache Geronimo Application Server
Versions Affected: 2.1 - 2.1.3
Vendor URL: http://geronimo.apache.org/
Bug: Directory Traversal File Upload
Exploits: YES
Reported: 10.12.2008
Vendor response: 10.12.2008
Solution: YES
Date of Public Advisory: 16.04.2009
CVE-number: 2008-5518
Author: Digital Security Research Group [DSecRG] (research [at] dsecrg [dot] com)
Description
Geronimo Server Console multiple Directory Traversal vulnerabilities.
A vulnerability was found in several portlets including Services/Repository, Embedded
DB/DB Manager, and Security/Keystores when running on a Windows server. This issue may
allow a remote attacker to
Exploit-DB
Microsoft Windows XP SP2 - 'win32k.sys' Local Privilege Escalation (MS08-025)
exploitdb·2008-04-28
CVE-2008-1084 Microsoft Windows XP SP2 - 'win32k.sys' Local Privilege Escalation (MS08-025)
Microsoft Windows XP SP2 - 'win32k.sys' Local Privilege Escalation (MS08-025)
---
// ms08-25-exploit #1
// This exploit takes advantage of one of the vulnerabilities
// patched in the Microsoft Security bulletin MS08-25
// http://www.microsoft.com/technet/security/bulletin/ms08-025.mspx
// ---------------------------------------
// Modifications are strictly prohibited.
// For research purposes ONLY.
// ---------------------------------------
// Ruben Santamarta
// www.reversemode.com
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/5518.zip (2008-ms08-25-exploit.zip)
# milw0rm.com [2008-04-28]
No writeups or analysis indexed.
http://dsecrg.com/pages/vul/show.php?id=118http://geronimo.apache.org/21x-security-report.html#2.1.xSecurityReport-214http://issues.apache.org/jira/browse/GERONIMO-4597http://secunia.com/advisories/34715http://www.securityfocus.com/archive/1/502733/100/0/threadedhttp://www.securityfocus.com/bid/34562http://www.vupen.com/english/advisories/2009/1089https://exchange.xforce.ibmcloud.com/vulnerabilities/49898https://exchange.xforce.ibmcloud.com/vulnerabilities/49899https://exchange.xforce.ibmcloud.com/vulnerabilities/49900https://www.exploit-db.com/exploits/8458http://dsecrg.com/pages/vul/show.php?id=118http://geronimo.apache.org/21x-security-report.html#2.1.xSecurityReport-214http://issues.apache.org/jira/browse/GERONIMO-4597http://secunia.com/advisories/34715http://www.securityfocus.com/archive/1/502733/100/0/threadedhttp://www.securityfocus.com/bid/34562http://www.vupen.com/english/advisories/2009/1089https://exchange.xforce.ibmcloud.com/vulnerabilities/49898https://exchange.xforce.ibmcloud.com/vulnerabilities/49899https://exchange.xforce.ibmcloud.com/vulnerabilities/49900https://www.exploit-db.com/exploits/8458
2009-04-17
Published