Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-0039

CWE-352Cross-Site Request Forgery (CSRF)5 documents5 sources
Severity
6.8MEDIUM
EPSS
3.8%
top 11.87%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Apache Geronimo
Timeline
PublishedApr 17
Latest updateMay 2

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

NVDapache/geronimo4 versions+3

🔴Vulnerability Details

3
OSV
Apache Geronimo Application Server CSRF vulnerabilities2022-05-02
GHSA
Apache Geronimo Application Server CSRF vulnerabilities2022-05-02
CVEList
CVE-2009-0039: Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 22009-04-17

💥Exploits & PoCs

1
Exploit-DB
Apache Geronimo 2.1.x - Cross-Site Request Forgery (Multiple Admin Function)2009-04-16
CVE-2009-0039 (MEDIUM CVSS 6.8) | Multiple cross-site request forgery | cvebase.io