CVE-2009-0038
Published 2009-04-17
Priority: P4 29 · Severity: medium · CVSS 2.0 base score 4.3 · Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Exploit: available (see Exploit-DB entries below)
EPSS: 18.00% (96.8th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring; or (5) the PATH_INFO to the default URI under console/portal/.
Affected: 4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | geronimo | — | — |
The four ranges are listed without bounds or fixed versions on this page; the CVE text above names Geronimo 2.1 through 2.1.3.
OSV (2022-05-02)
CVE-2009-0038 [MEDIUM] Apache Geronimo Application Server multiple cross-site scripting (XSS) vulnerabilities
Description identical to the CVE text above.
GHSA (2022-05-02)
CVE-2009-0038 [MEDIUM] CWE-79 Apache Geronimo Application Server multiple cross-site scripting (XSS) vulnerabilities
Description identical to the CVE text above.
No detection rules found.
Exploit-DB (2009-04-16)
CVE-2009-0038 Apache Geronimo 2.1.x - '/console/portal/Server/Monitoring' Multiple Cross-Site Scripting Vulnerabilities
---
source: https://www.securityfocus.com/bid/34562/info
Apache Geronimo Application Server is prone to multiple remote vulnerabilities:
- Multiple directory-traversal vulnerabilities
- A cross-site scripting vulnerability
- Multiple HTML-injection vulnerabilities
- A cross-site request-forgery vulnerability
Attackers can exploit these issues to obtain sensitive information, upload arbitrary files, execute arbitrary script code, steal cookie-based authentication credentials, and perform certain administrative actions.
Apache Geronimo 2.1 through 2.1.3 are vulnerable.
http://www.example.com/console/portal/Server/Monitoring
Vulnerable parameters: "name", "ip", "username", "descri
Exploit-DB (2009-04-16)
CVE-2009-0038 Apache Geronimo 2.1.x - '/console/portal/' URI Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/34562/info
Advisory text identical to the previous Exploit-DB entry (Apache Geronimo 2.1 through 2.1.3 are vulnerable).
http://www.example.com/console/portal/">alert('DSecRG XSS')<!--
References:
- http://dsecrg.com/pages/vul/show.php?id=119
- http://geronimo.apache.org/21x-security-report.html#2.1.xSecurityReport-214
- http://issues.apache.org/jira/browse/GERONIMO-4597
- http://secunia.com/advisories/34715
- http://www.securityfocus.com/archive/1/502734/100/0/threaded
- http://www.securityfocus.com/bid/34562
- http://www.vupen.com/english/advisories/2009/1089