製品・ソフトウェアに関する情報

JVN脆弱性詳細

jbossas の DeploymentFileRepository クラスにおけるディレクトリトラバーサルの脆弱性

Title	jbossas の DeploymentFileRepository クラスにおけるディレクトリトラバーサルの脆弱性
Summary	JBoss Application Server (jbossas) の DeploymentFileRepository クラスは、コンソールマネージャーに関連する処理に不備があるため、ディレクトリトラバーサルの脆弱性が存在します。
Possible impacts	リモート認証されたユーザにより、任意のファイルを読まれるまたは変更される、および任意のコードを実行される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Nov. 27, 2006, midnight
Registration Date	Sept. 25, 2012, 3:36 p.m.
Last Update	Sept. 25, 2012, 3:36 p.m.

CVSS2.0 : 危険
Score	7.5
Vector	AV:N/AC:L/Au:N/C:P/I:P/A:P

Affected System

レッドハット

JBoss Application Server 3.2.4 から 4.0.5

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2006-5750	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5750
National Vulnerability Database (NVD)
2	CVE-2006-5750	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-5750

ベンダー情報

No	Name	URL
Red Hat Security Advisory
1	RHSA-2006:0743	http://rhn.redhat.com/errata/RHSA-2006-0743.html

Change Log

No	Changed Details	Date of change
0	[2012年09月25日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2006-5750

Summary	Directory traversal vulnerability in the DeploymentFileRepository class in JBoss Application Server (jbossas) 3.2.4 through 4.0.5 allows remote authenticated users to read or modify arbitrary files, and possibly execute arbitrary code, via unspecified vectors related to the console manager.
Summary	Vulnerabilidad de salto de directorio en la clase JBoss Application Server (jbossas) 3.2.4 hasta 4.0.5 permite a usuarios remotos validados leer o modificar archivos y posiblemente ejecutar código de su elección, a través de vectores no especificados en el administrador de consola.
Publication Date	Nov. 28, 2006, 5:07 a.m.
Registration Date	Jan. 29, 2021, 3:49 p.m.
Last Update	April 23, 2026, 9:35 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:jboss:jboss_application_server:3.2.5_final:::::::*
cpe:2.3:a:jboss:jboss_application_server:3.2.6_final:::::::*
cpe:2.3:a:jboss:jboss_application_server:3.2.7_final:::::::*
cpe:2.3:a:jboss:jboss_application_server:3.2.8.sp1:::::::*
cpe:2.3:a:jboss:jboss_application_server:3.2.8_final:::::::*
cpe:2.3:a:jboss:jboss_application_server:4.0.0_final:::::::*
cpe:2.3:a:jboss:jboss_application_server:4.0.1_final:::::::*
cpe:2.3:a:jboss:jboss_application_server:4.0.1_sp1:::::::*
cpe:2.3:a:jboss:jboss_application_server:4.0.2_final:::::::*
cpe:2.3:a:jboss:jboss_application_server:4.0.3_final:::::::*
cpe:2.3:a:jboss:jboss_application_server:4.0.4.ga:::::::*
cpe:2.3:a:jboss:jboss_application_server:4.0.5.ga:::::::*

Related information, measures and tools

No	URL	refsource
1	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402	secalert@redhat.com
2	http://jira.jboss.com/jira/browse/ASPATCH-126	secalert@redhat.com
3	http://jira.jboss.com/jira/browse/JBAS-3861	secalert@redhat.com
4	http://secunia.com/advisories/23095	secalert@redhat.com
5	http://secunia.com/advisories/23984	secalert@redhat.com
6	http://secunia.com/advisories/24104	secalert@redhat.com
7	http://secunia.com/advisories/29726	secalert@redhat.com
8	http://securitytracker.com/id?1017289	secalert@redhat.com
9	http://www.novell.com/linux/security/advisories/2007_02_sr.html	secalert@redhat.com
10	http://www.osvdb.org/30767	secalert@redhat.com
11	http://www.redhat.com/support/errata/RHSA-2006-0743.html	secalert@redhat.com
12	http://www.securityfocus.com/archive/1/452830/100/0/threaded	secalert@redhat.com
13	http://www.securityfocus.com/archive/1/452862/100/100/threaded	secalert@redhat.com
14	http://www.securityfocus.com/bid/21219	secalert@redhat.com
15	http://www.vupen.com/english/advisories/2006/4724	secalert@redhat.com
16	http://www.vupen.com/english/advisories/2006/4726	secalert@redhat.com
17	http://www.vupen.com/english/advisories/2007/0554	secalert@redhat.com
18	http://www.vupen.com/english/advisories/2008/1155/references	secalert@redhat.com
19	https://secure-support.novell.com/KanisaPlatform/Publishing/719/3024921_f.SAL_Public.html	secalert@redhat.com
20	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402	af854a3a-2127-422b-91ae-364da2661108
21	http://jira.jboss.com/jira/browse/ASPATCH-126	af854a3a-2127-422b-91ae-364da2661108
22	http://jira.jboss.com/jira/browse/JBAS-3861	af854a3a-2127-422b-91ae-364da2661108
23	http://secunia.com/advisories/23095	af854a3a-2127-422b-91ae-364da2661108
24	http://secunia.com/advisories/23984	af854a3a-2127-422b-91ae-364da2661108
25	http://secunia.com/advisories/24104	af854a3a-2127-422b-91ae-364da2661108
26	http://secunia.com/advisories/29726	af854a3a-2127-422b-91ae-364da2661108
27	http://securitytracker.com/id?1017289	af854a3a-2127-422b-91ae-364da2661108
28	http://www.novell.com/linux/security/advisories/2007_02_sr.html	af854a3a-2127-422b-91ae-364da2661108
29	http://www.osvdb.org/30767	af854a3a-2127-422b-91ae-364da2661108
30	http://www.redhat.com/support/errata/RHSA-2006-0743.html	af854a3a-2127-422b-91ae-364da2661108
31	http://www.securityfocus.com/archive/1/452830/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
32	http://www.securityfocus.com/archive/1/452862/100/100/threaded	af854a3a-2127-422b-91ae-364da2661108
33	http://www.securityfocus.com/bid/21219	af854a3a-2127-422b-91ae-364da2661108
34	http://www.vupen.com/english/advisories/2006/4724	af854a3a-2127-422b-91ae-364da2661108
35	http://www.vupen.com/english/advisories/2006/4726	af854a3a-2127-422b-91ae-364da2661108
36	http://www.vupen.com/english/advisories/2007/0554	af854a3a-2127-422b-91ae-364da2661108
37	http://www.vupen.com/english/advisories/2008/1155/references	af854a3a-2127-422b-91ae-364da2661108
38	https://secure-support.novell.com/KanisaPlatform/Publishing/719/3024921_f.SAL_Public.html	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:jboss:jboss_application_server:3.2.5_final:::::::*
cpe:2.3:a:jboss:jboss_application_server:3.2.6_final:::::::*
cpe:2.3:a:jboss:jboss_application_server:3.2.7_final:::::::*
cpe:2.3:a:jboss:jboss_application_server:3.2.8.sp1:::::::*
cpe:2.3:a:jboss:jboss_application_server:3.2.8_final:::::::*
cpe:2.3:a:jboss:jboss_application_server:4.0.0_final:::::::*
cpe:2.3:a:jboss:jboss_application_server:4.0.1_final:::::::*
cpe:2.3:a:jboss:jboss_application_server:4.0.1_sp1:::::::*
cpe:2.3:a:jboss:jboss_application_server:4.0.2_final:::::::*
cpe:2.3:a:jboss:jboss_application_server:4.0.3_final:::::::*
cpe:2.3:a:jboss:jboss_application_server:4.0.4.ga:::::::*
cpe:2.3:a:jboss:jboss_application_server:4.0.5.ga:::::::*