CVE-2006-5750 - Mortiferous Communication
Description
Directory traversal vulnerability in the DeploymentFileRepository class in JBoss Application Server (jbossas) 3.2.4 through 4.0.5 allows remote authenticated users to read or modify arbitrary files and possibly execute arbitrary code via unspecified vectors related to the console manager.
Reference
http://www.redhat.com/support/errata/RHSA-2006-0743.html
http://jira.jboss.com/jira/browse/ASPATCH-126
http://secunia.com/advisories/23095
http://jira.jboss.com/jira/browse/JBAS-3861
http://www.securityfocus.com/bid/21219
http://securitytracker.com/id?1017289
http://www.osvdb.org/30767
https://secure-support.novell.com/KanisaPlatform/Publishing/719/3024921_f.SAL_Public.html
http://www.novell.com/linux/security/advisories/2007_02_sr.html
http://secunia.com/advisories/23984
http://secunia.com/advisories/24104
http://secunia.com/advisories/29726
http://www.vupen.com/english/advisories/2006/4726
http://www.vupen.com/english/advisories/2008/1155/references
http://www.vupen.com/english/advisories/2006/4724
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402
http://www.vupen.com/english/advisories/2007/0554
http://www.securityfocus.com/archive/1/452862/100/100/threaded
http://www.securityfocus.com/archive/1/452830/100/0/threaded