Geronimo / GERONIMO-4597

Validate Web Admin Console input - address admin console security vulnerabilities

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.1, 2.1.1, 2.1.2, 2.1.3
    • Fix Version/s: 2.1.4, 2.1.5, 2.2
    • Component/s: console
    • Security Level: public (Regular issues)
    • Labels:
      None

      Description

      This JIRA addresses the following security vulnerabilities in the web admin console:

      CVE-2008-5518: Apache Geronimo web administration console directory traversal vulnerabilities.
      A vulnerability was found in several portlets including Services/Repository, Embedded DB/DB Manager, and Security/Keystores when running the Apache Geronimo server on Windows. This issue may allow a remote attacker to upload any file in any directory. This affects all full JavaEE Geronimo assemblies or other distributions which include the administration web console up to and including Apache Geronimo 2.1.3. An alternative workaround (if you choose to not upgrade to Apache Geronimo 2.1.4) would be to stop or undeploy the administration web console application in the server.
      Credit: The Apache Geronimo project would like to thank Digital Security Research Group (dsecrg.com) for responsibly reporting this issue and assisting us with validating our fixes.

      CVE-2009-0038: Apache Geronimo web administration console XSS vulnerabilities
      Various linked and stored cross-site scripting (XSS) vulnerabilities were found in the Apache Geronimo administrative console and related utilities. Using this vulnerability an attacker can steal an administrator's cookie and then authenticate as administrator or perform certain administrative actions. For example, a user can inject XSS in some URLs or in several input fields in various portlets. This affects all full JavaEE Geronimo assemblies or other distributions which include the administration web console up to and including Apache Geronimo 2.1.3. An alternative workaround (if you choose to not upgrade to Apache Geronimo 2.1.4) would be to stop or undeploy the administration web console application in the server.
      Credit: The Apache Geronimo project would like to thank Digital Security Research Group (dsecrg.com) and Marc Schoenefeld (Red Hat Security Response Team) for responsibly reporting this issue and assisting us with validating our fixes.

      CVE-2009-0039: Apache Geronimo web administration console XSRF vulnerabilities
      Various cross-site request forgery (XSRF or CSRF) vulnerabilities were identified in the Apache Geronimo web administration console. Exploiting these issues may allow a remote attacker to perform certain administrative actions, e.g. change the web administration password, upload applications, etc., using predictable URL requests once the user has authenticated and obtained a valid session with the server. This affects all full JavaEE Geronimo assemblies or other distributions which include the administration web console up to and including Apache Geronimo 2.1.3. An alternative workaround (if you choose to not upgrade to Apache Geronimo 2.1.4) would be to stop or undeploy the administration web console application in the server.
      Credit: The Apache Geronimo project would like to thank Digital Security Research Group (dsecrg.com) for responsibly reporting this issue and assisting us with validating our fixes.

      It corrects the issues with the addition of directory checks and a servlet filter to check for XSS and XSRF vulnerabilities.
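
One way to write the kind of directory check mentioned above, as an added Java example (not code from the Geronimo patch or from this issue). The class `UploadPathCheck`, the method `resolveInside` and the `var/upload` root are hypothetical, and rejecting every `..` segment outright is a policy assumption.

```java
import java.io.IOException;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.nio.file.Paths;

// Added illustration; not code from the Geronimo patch.
public class UploadPathCheck {
    // Returns the upload target only if it stays strictly inside baseDir.
    static Path resolveInside(Path baseDir, String clientName) throws IOException {
        if (clientName == null || clientName.isEmpty()) {
            throw new IOException("empty file name");
        }
        // Treat '\' as a separator on every platform: on Windows it is one,
        // so a check that only looks for "../" misses "..\" sequences.
        String unified = clientName.replace('\\', '/');
        for (String segment : unified.split("/")) {
            if (segment.equals("..")) {
                throw new IOException("parent-directory segment");
            }
        }
        Path base = baseDir.toAbsolutePath().normalize();
        Path target;
        try {
            target = base.resolve(unified).normalize();
        } catch (InvalidPathException e) {
            throw new IOException("invalid file name", e);
        }
        // An absolute name replaces the base when resolved, so the containment
        // test is still needed after the segment scan.
        if (target.equals(base) || !target.startsWith(base)) {
            throw new IOException("path escapes upload directory");
        }
        return target;
    }

    public static void main(String[] args) {
        Path base = Paths.get("var", "upload"); // hypothetical upload root
        String[] names = { // constructed sample inputs
            "lib/app.jar", "..\\..\\outside.txt", "../outside.txt", "/outside.txt", "." };
        for (String n : names) {
            try {
                System.out.println("ok      " + n + " -> " + resolveInside(base, n));
            } catch (IOException e) {
                System.out.println("reject  " + n + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

Only the first sample name is accepted; the check compares normalized paths and does not resolve symbolic links inside the upload directory.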

        Attachments

        1. G4597_branch_20.patch
          72 kB
          Lin Quan Jiang

            People

            • Assignee: jbohn Joseph Alan Bohn
            • Reporter: jbohn Joseph Alan Bohn