CVE-2009-0038

{"id": "CVE-2009-0038", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2009-04-17T14:30:00.530", "references": [{"url": "http://dsecrg.com/pages/vul/show.php?id=119", "tags": ["Exploit"], "source": "secalert@redhat.com"}, {"url": "http://geronimo.apache.org/21x-security-report.html#2.1.xSecurityReport-214", "tags": ["Patch", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://issues.apache.org/jira/browse/GERONIMO-4597", "tags": ["Patch"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/34715", "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/archive/1/502734/100/0/threaded", "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/34562", "tags": ["Exploit"], "source": "secalert@redhat.com"}, {"url": "http://www.vupen.com/english/advisories/2009/1089", "source": "secalert@redhat.com"}, {"url": "http://dsecrg.com/pages/vul/show.php?id=119", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://geronimo.apache.org/21x-security-report.html#2.1.xSecurityReport-214", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://issues.apache.org/jira/browse/GERONIMO-4597", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/34715", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/502734/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/34562", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2009/1089", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring; or (5) the PATH_INFO to the default URI under console/portal/."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en la consola de administraci\u00f3n web en Apache Geronimo Application Server 2.1 a 2.1.3 permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n mediante los par\u00e1metros (1) name, (2) ip, (3) username, o (4) description para console/portal/Server/Monitoring; o (5) el PATH_INFO para la URI por defecto bajo console/portal/."}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:geronimo:2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ECF8E5A6-BCAA-428E-A703-6D1508AE2DA0"}, {"criteria": "cpe:2.3:a:apache:geronimo:2.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7353F7C5-18E8-4310-B31E-9B13963E3F18"}, {"criteria": "cpe:2.3:a:apache:geronimo:2.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "73F4CBB7-FF16-4B01-85B2-5B3FE7C8BE3D"}, {"criteria": "cpe:2.3:a:apache:geronimo:2.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "366DB1DC-39E2-43A1-9A23-37B7A75F7D07"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}