Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2006-5750

Directory traversal vulnerability in the DeploymentFileRepository class in JBoss Application Server (jbossas) 3.2.4 through 4.0.5 allows remote authenticated users to read or modify arbitrary files, and possibly execute arbitrary code, via unspecified vectors related to the console manager.

Published

2006-11-27T20:07:00.000

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
Exploitability Score

10.0

Impact Score

6.4

Weaknesses
  • Type: Primary
    NVD-CWE-Other
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application jboss jboss_application_server 3.2.5_final Yes
Application jboss jboss_application_server 3.2.6_final Yes
Application jboss jboss_application_server 3.2.7_final Yes
Application jboss jboss_application_server 3.2.8.sp1 Yes
Application jboss jboss_application_server 3.2.8_final Yes
Application jboss jboss_application_server 4.0.0_final Yes
Application jboss jboss_application_server 4.0.1_final Yes
Application jboss jboss_application_server 4.0.1_sp1 Yes
Application jboss jboss_application_server 4.0.2_final Yes
Application jboss jboss_application_server 4.0.3_final Yes
Application jboss jboss_application_server 4.0.4.ga Yes
Application jboss jboss_application_server 4.0.5.ga Yes
References