Apache Geronimo 2.1.x vulnerabilities
This page lists all security vulnerabilities fixed in maintenance releases or interim builds of Apache Geronimo 2.1. Each vulnerability is given a security impact rating by either the Apache Geronimo team or by the dependent project supplying the fix; please note that this rating is not uniform and will vary from project to project. We also list the versions of Apache Geronimo the flaw is known to affect; where a flaw has not been verified against a version, that version is listed with a question mark.
Please send comments or corrections for these vulnerabilities to the Geronimo Security mailing list.
- Apache Geronimo 2.1.5
- Apache Geronimo 2.1.4
- Apache Geronimo 2.1.3
- Apache Geronimo 2.1.2
- Apache Geronimo 2.1.1
Other Known Vulnerabilities
None at this time.
Fixed in Geronimo 2.1.5
Please visit the 2.1.5 Release Notes page for details on all of the included JIRAs.
Fixed in Geronimo 2.1.4
Please visit the 2.1.4 Release Notes page for details on all of the included JIRAs.
Geronimo Server
Included patch to close potential denial of service attack vector (OOM) in Tomcat session handling
JIRA: GERONIMO-3838
Affects: 2.1-2.1.3
Geronimo Admin Console
CVE-2008-5518: Apache Geronimo web administration console directory traversal vulnerabilities.
A vulnerability was found in several portlets including Services/Repository, Embedded DB/DB Manager, and Security/Keystores when running the Apache Geronimo server on Windows. This issue may allow a remote attacker to upload any file in any directory. This affects all full JavaEE Geronimo assemblies or other distributions which include the administration web console up to and including Apache Geronimo 2.1.3. An alternative workaround (if you choose to not upgrade to Apache Geronimo 2.1.4) would be to stop or undeploy the administration web console application in the server.
Credit: The Apache Geronimo project would like to thank Digital Security Research Group (dsecrg.com) for responsibly reporting this issue and assisting us with validating our fixes.
JIRA: GERONIMO-4597
Affects: 2.1-2.1.3
CVE-2009-0038: Apache Geronimo web administration console XSS vulnerabilities
Various linked and stored cross-site scripting (XSS) vulnerabilities were found in the Apache Geronimo administrative console and related utilities. Using this vulnerability an attacker can steal an administrator's cookie and then authenticate as administrator or perform certain administrative actions. For example, a user can inject XSS in some URLs or in several input fields in various portlets. This affects all full JavaEE Geronimo assemblies or other distributions which include the administration web console up to and including Apache Geronimo 2.1.3. An alternative workaround (if you choose to not upgrade to Apache Geronimo 2.1.4) would be to stop or undeploy the administration web console application in the server.
Credit: The Apache Geronimo project would like to thank Digital Security Research Group (dsecrg.com) and Marc Schoenefeld (Red Hat Security Response Team) for responsibly reporting this issue and assisting us with validating our fixes.
JIRA: GERONIMO-4597
Affects: 2.1-2.1.3
CVE-2009-0039: Apache Geronimo web administration console XSRF vulnerabilities
Various cross-site request forgery (XSRF or CSRF) vulnerabilities were identified in the Apache Geronimo web administration console. Exploiting these issues may allow a remote attacker to perform certain administrative actions (e.g. change the web administration password, upload applications, etc.) using predictable URL requests once the user has authenticated and obtained a valid session with the server. This affects all full JavaEE Geronimo assemblies or other distributions which include the administration web console up to and including Apache Geronimo 2.1.3. An alternative workaround (if you choose to not upgrade to Apache Geronimo 2.1.4) would be to stop or undeploy the administration web console application in the server.
Credit: The Apache Geronimo project would like to thank Digital Security Research Group (dsecrg.com) for responsibly reporting this issue and assisting us with validating our fixes.
JIRA: GERONIMO-4597
Affects: 2.1-2.1.3
Fixed in Geronimo 2.1.3
Please visit the 2.1.3 Release Notes page for details on all of the included JIRAs.
DWR
Upgraded from DWR 2.0.3 to 2.0.5 to include the following security fixes -
- DWR version 2.0.5 fixed 1 XSS vulnerability in r2077
r2077 | joe | 2008-06-22 09:28:22 -0400 (Sun, 22 Jun 2008) | 7 lines
Fix for XSS issue in ExceptionHandler: PartialResponse.fromOrdinal() throws a NumberFormatException trying to parse the 'partialResponse' parameter. This exception is never caught, prompting UrlProcessor to invoke DWR's default ExceptionHandler class, which calls out.println(cause.getMessage()), thereby causing the XSS.
JIRA: GERONIMO-4266
Affects: 2.1-2.1.2
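The r2077 log above describes a bug class worth recognising in any web code: a runtime exception whose message quotes the offending input is written straight into the response. The following is an added illustration, not DWR's or Geronimo's code; parsePartialResponse() stands in for PartialResponse.fromOrdinal(), the two handlers stand in for DWR's default ExceptionHandler, and all class and method names are assumed for the example.

```java
import java.util.logging.Level;
import java.util.logging.Logger;

public class ExceptionMessageEcho {
    private static final Logger LOG = Logger.getLogger("dwr-demo");

    // Stand-in for PartialResponse.fromOrdinal(): the 'partialResponse' parameter
    // must be an integer, and NumberFormatException quotes the raw input in its message.
    static int parsePartialResponse(String raw) {
        return Integer.parseInt(raw);
    }

    // Vulnerable pattern (the r2077 bug): the exception message, which carries
    // attacker-controlled text, is written verbatim into the HTML response.
    static String vulnerableResponse(String raw) {
        try {
            parsePartialResponse(raw);
            return "ok";
        } catch (NumberFormatException cause) {
            return cause.getMessage(); // For input string: "<untrusted text>"
        }
    }

    // Hardened pattern: keep the exception detail in the server log and HTML-escape
    // any untrusted text before it reaches the response body.
    static String hardenedResponse(String raw) {
        try {
            parsePartialResponse(raw);
            return "ok";
        } catch (NumberFormatException cause) {
            LOG.log(Level.WARNING, "bad partialResponse parameter", cause);
            return "Invalid partialResponse value: " + escapeHtml(raw);
        }
    }

    // Minimal HTML entity escaping; '&' must be replaced first.
    static String escapeHtml(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
                .replace("\"", "&quot;").replace("'", "&#39;");
    }

    public static void main(String[] args) {
        String probe = "<b>x</b>"; // constructed test input containing HTML markup
        System.out.println("vulnerable: " + vulnerableResponse(probe));
        System.out.println("hardened:   " + hardenedResponse(probe));
    }
}
```

Running it shows the vulnerable handler returning the markup intact inside the parser's message, while the hardened handler returns only entity-encoded text.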
ActiveMQ
Included ActiveMQ patch for the following security exposure -
- AMQ-1272 - Stomp protocol does not correctly check authentication (security hole)
JIRA: GERONIMO-4262
Affects: 2.1-2.1.2
Tomcat
Upgraded from Tomcat 6.0.16 to 6.0.18 to include the following security fixes -
- low: Cross-site scripting CVE-2008-1232
- low: Cross-site scripting CVE-2008-1947
- important: Information disclosure CVE-2008-2370
- moderate: Directory traversal CVE-2008-2938
For more details on each fix, please visit the Tomcat 6.x Security page.
JIRA: GERONIMO-4245
Affects: 2.1-2.1.2
Fixed in Geronimo 2.1.2
DWR
Upgraded from DWR 2.0.1 to 2.0.3 to include the following security fixes -
JIRA: GERONIMO-4116
Affects: 2.1-2.1.1
Tomcat
Upgraded from Tomcat 6.0.14 to 6.0.16 to include the following security fixes -
- low: Session hi-jacking CVE-2007-5333
- low: Elevated privileges CVE-2007-5342
- important: Information disclosure CVE-2007-5461
- important: Data integrity CVE-2007-6286
- important: Information disclosure CVE-2008-0002
For more details on each fix, please visit the Tomcat 6.x Security page.
JIRA: GERONIMO-4085
Affects: 2.1-2.1.1
Fixed in Geronimo 2.1.1