Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2009-0038

Good to know:

icon

Date: April 17, 2009

Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring; or (5) the PATH_INFO to the default URI under console/portal/.

Language: Java

Severity Score

Related Resources (14)

http://secunia.com/advisories/34715
http://www.vupen.com/english/advisories/2009/1089
https://web.archive.org/web/20200229223125/http://www.securityfocus.com/bid/34562
https://github.com/apache/geronimo
https://nvd.nist.gov/vuln/detail/CVE-2009-0038
http://www.securityfocus.com/archive/1/502734/100/0/threaded
https://web.archive.org/web/20090422192202/http://dsecrg.com/pages/vul/show.php?id=119
http://www.securityfocus.com/bid/34562
https://github.com/apache/geronimo/commit/aa0c2c26dde8930cad924796af7c17a13d236b16
http://geronimo.apache.org/21x-security-report.html#2.1.xSecurityReport-214
http://dsecrg.com/pages/vul/show.php?id=119
http://issues.apache.org/jira/browse/GERONIMO-4597
https://web.archive.org/web/20090419162753/http://secunia.com/advisories/34715
https://www.mend.io/vulnerability-database/CVE-2009-0038

Severity Score

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): LOW
Availability (A): NONE

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): MEDIUM
Authentication (AU): NONE
Confidentiality (C): NONE
Integrity (I): PARTIAL
Availability (A): NONE
Additional information:

Do you need more information?

Contact Us