Описание
Apache MyFaces Vulnerable to Path Traversal
Multiple directory traversal vulnerabilities in MyFaces JavaServer Faces (JSF) in Apache MyFaces Core 2.0.x before 2.0.12 and 2.1.x before 2.1.6 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) ln parameter to faces/javax.faces.resource/web.xml or (2) the PATH_INFO to faces/javax.faces.resource/.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2011-4367
- https://exchange.xforce.ibmcloud.com/vulnerabilities/73100
- https://web.archive.org/web/20120213042504/http://www.securityfocus.com/bid/51939
- http://mail-archives.apache.org/mod_mbox/myfaces-announce/201202.mbox/%3C4F33ED1F.4070007%40apache.org%3E
- http://seclists.org/fulldisclosure/2012/Feb/150
Пакеты
org.apache.myfaces.core:myfaces-impl
>= 2.0.0, < 2.0.12
2.0.12
org.apache.myfaces.core:myfaces-impl
>= 2.1.0, < 2.1.6
2.1.6
Связанные уязвимости
Multiple directory traversal vulnerabilities in MyFaces JavaServer Faces (JSF) in Apache MyFaces Core 2.0.x before 2.0.12 and 2.1.x before 2.1.6 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) ln parameter to faces/javax.faces.resource/web.xml or (2) the PATH_INFO to faces/javax.faces.resource/.
Multiple directory traversal vulnerabilities in MyFaces JavaServer Faces (JSF) in Apache MyFaces Core 2.0.x before 2.0.12 and 2.1.x before 2.1.6 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) ln parameter to faces/javax.faces.resource/web.xml or (2) the PATH_INFO to faces/javax.faces.resource/.
Multiple directory traversal vulnerabilities in MyFaces JavaServer Fac ...