Novell Home

CVE-2009-0039

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

CVE-2009-0039 at MITRE

Details

Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
Novell Bugzilla entry: 507806

SUSE Security Advisories:

Product(s) Fixed package version(s) References
SLES 11
  • websphere-as_ce >= 2.1.1.2-2.2
 sle11. x86
sle11. ia64
sle11. x86-64
sle11. s390x
sle11. ppc
SAT Patch Nr: 1016
SLES 11
  • websphere-as_ce >= 2.1.1.2-2.1
 sle11. x86
sle11. ia64
sle11. x86-64
sle11. s390x
sle11. ppc
SAT Patch Nr: 1016
SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T
SUSE Linux Enterprise Server 10 SP2 for IBM POWER
SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit
SUSE Linux Enterprise Server 10 SP2 for IPF
SUSE Linux Enterprise Server 10 SP2 for x86
  • websphere-as_ce >= 2.1.1.2-0.3
 sles10-sp2. s390x
sles10-sp2. x86
sles10-sp2. ia64
sles10-sp2. ppc
sles10-sp2. x86-64
ZYPP Patch Nr: 6312

Novell® Making IT Work As One

© 2009 Novell, Inc. All Rights Reserved.