CVE-2009-0039 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2009-0039 Interim 1 8 2022-03-01T00:40:57Z current 2021-05-30T12:45:29Z 2022-03-01T00:40:57Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2009-0039 Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/opensuse-security-announce/2009-08/msg00005.html E-Mail link for SUSE-SR:2009:013 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 websphere-as_ce-2.1.1.2-2.2 websphere-as_ce-2.1.1.2-2.2 as a component of SUSE Linux Enterprise Server 11 websphere-as_ce-2.1.1.2-2.2 as a component of SUSE Linux Enterprise Server for SAP Applications 11 Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown. CVE-2009-0039 SUSE Linux Enterprise Server 11:websphere-as_ce-2.1.1.2-2.2 SUSE Linux Enterprise Server for SAP Applications 11:websphere-as_ce-2.1.1.2-2.2 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P