CVE-2009-0039

Apache Geronimo Application Server 2.1-2.1.3 - CSRF

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-0039. PoCs published by DSecRG.

AI-analyzed exploit summary This exploit demonstrates a CSRF vulnerability in Apache Geronimo Application Server, allowing an attacker to trigger a server shutdown via a crafted HTML form. The PoC leverages a directory traversal flaw to access administrative functionality without authentication.

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.

Exploits (1)

exploitdb WORKING POC VERIFIED

by DSecRG · htmlremotemultiple

https://www.exploit-db.com/exploits/32922

View Code ZIP pw:eip

This exploit demonstrates a CSRF vulnerability in Apache Geronimo Application Server, allowing an attacker to trigger a server shutdown via a crafted HTML form. The PoC leverages a directory traversal flaw to access administrative functionality without authentication.

Classification

Working Poc 90%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: Apache Geronimo Application Server 2.1 through 2.1.3

No auth needed

Prerequisites: Victim must visit a malicious webpage or be tricked into submitting the form

MITRE ATT&CK