Vulnerability DatabaseCVE-2009-0039
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2009-0039
April 17, 2009
Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
Related ResourcesĀ (10)
https://svn.apache.org/viewvc/geronimo/server
http://geronimo.apache.org/21x-security-report.html#2.1.xSecurityReport-214
http://dsecrg.com/pages/vul/show.php?id=120
http://secunia.com/advisories/34715
https://github.com/apache/geronimo/commit/aa0c2c26dde8930cad924796af7c17a13d236b16
http://www.securityfocus.com/archive/1/502735/100/0/threaded
http://issues.apache.org/jira/browse/GERONIMO-4597
http://www.vupen.com/english/advisories/2009/1089
https://nvd.nist.gov/vuln/detail/CVE-2009-0039
http://www.securityfocus.com/bid/34562
Do you need more information?
Contact Us
CVSS v4
Base Score:
6.3
Attack Vector
NETWORK
Attack Complexity
HIGH
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
LOW
Vulnerable System Integrity
LOW
Vulnerable System Availability
LOW
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
5.6
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
LOW
Availability
LOW
CVSS v2
Base Score:
6.8
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
Weakness Type (CWE)
Cross-Site Request Forgery (CSRF)
CWE-352
EPSS
Base Score:
3.82