|
Description
|
|
Multiple vulnerabilities have been identified in Apache Geronimo, which could be exploited by attackers to disclose sensitive information or bypass security restrictions.
The first issue is caused by input validation errors in the "Services/Repository", "Embedded DB/DB Manager", and "Security/Keystores" portlets within the web administration console, which could allow attackers to conduct directory traversal attacks and upload malicious file to arbitrary directories.
The second vulnerability is caused by input validation errors in the web administration console when processing user-supplied data, which could be exploited by attackers to cause arbitrary scripting code to be executed by the user's browser in the security context of an affected site.
The third issue is caused due to input validation errors in the web administration console when processing HTTP requests, which could be exploited by attackers to bypass security restrictions and or perform administrative actions by tricking an administrator into visiting a malicious web page.
|
