GHSA-678x-xfp4-r92r

Suggest an improvement
Source
https://github.com/advisories/GHSA-678x-xfp4-r92r
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-678x-xfp4-r92r/GHSA-678x-xfp4-r92r.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-678x-xfp4-r92r
Aliases
  • CVE-2009-0039
Published
2022-05-02T03:12:31Z
Modified
2024-12-03T05:52:57.286218Z
Summary
Apache Geronimo Application Server CSRF vulnerabilities
Details

Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.

Database specific
{
    "nvd_published_at": "2009-04-17T14:30:00Z",
    "cwe_ids": [
        "CWE-352"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2022-07-29T19:50:15Z"
}
References

Affected packages

Maven / org.apache.geronimo.plugins:console

Package

Name
org.apache.geronimo.plugins:console
View open source insights on deps.dev
Purl
pkg:maven/org.apache.geronimo.plugins/console

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.1.4

Affected versions

2.*

2.1
2.1.1
2.1.2
2.1.3