Описание
A specially crafted url could be used to access files under the ROOT directory of the application on Apache JSPWiki 2.9.0 to 2.11.0.M2, which could be used by an attacker to obtain registered users' details.
Ссылки
- Mailing ListThird Party Advisory
- Third Party AdvisoryVDB Entry
- Vendor Advisory
- Mailing ListThird Party Advisory
- Third Party AdvisoryVDB Entry
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 2.9.0 (включая) до 2.11.0 (исключая)
Одно из
cpe:2.3:a:apache:jspwiki:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:jspwiki:2.11.0:-:*:*:*:*:*:*
cpe:2.3:a:apache:jspwiki:2.11.0:milestone1-rc1:*:*:*:*:*:*
cpe:2.3:a:apache:jspwiki:2.11.0:milestone1-rc2:*:*:*:*:*:*
cpe:2.3:a:apache:jspwiki:2.11.0:milestone1-rc3:*:*:*:*:*:*
cpe:2.3:a:apache:jspwiki:2.11.0:milestone2:*:*:*:*:*:*
cpe:2.3:a:apache:jspwiki:2.11.0:milestone2-rc1:*:*:*:*:*:*
EPSS
Процентиль: 87%
0.03527
Низкий
7.5 High
CVSS3
7.8 High
CVSS2
Дефекты
CWE-22
Связанные уязвимости
CVSS3: 7.5
ubuntu
почти 7 лет назад
A specially crafted url could be used to access files under the ROOT directory of the application on Apache JSPWiki 2.9.0 to 2.11.0.M2, which could be used by an attacker to obtain registered users' details.
CVSS3: 7.5
debian
почти 7 лет назад
A specially crafted url could be used to access files under the ROOT d ...
CVSS3: 7.5
github
почти 7 лет назад
Improper Limitation of a Pathname ('Path Traversal') in org.apache.jspwiki:jspwiki-war
EPSS
Процентиль: 87%
0.03527
Низкий
7.5 High
CVSS3
7.8 High
CVSS2
Дефекты
CWE-22