CVE-2009-0039 – org.apache.geronimo.plugins:console

Package

Manager: maven
Name: org.apache.geronimo.plugins:console
Vulnerable Version: >=0 <2.1.4

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.04509 pctl0.88705

Details

Apache Geronimo Application Server CSRF vulnerabilities Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.

Metadata

Created: 2022-05-02T03:12:31Z
Modified: 2025-04-09T19:45:12Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-678x-xfp4-r92r/GHSA-678x-xfp4-r92r.json
CWE IDs: ["CWE-352"]
Alternative ID: GHSA-678x-xfp4-r92r
Finding: F007
Auto approve: 1