Описание
Multiple directory traversal vulnerabilities in MyFaces JavaServer Faces (JSF) in Apache MyFaces Core 2.0.x before 2.0.12 and 2.1.x before 2.1.6 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) ln parameter to faces/javax.faces.resource/web.xml or (2) the PATH_INFO to faces/javax.faces.resource/.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat BPM Suite 6 | MyFaces | Not affected | ||
| Red Hat Decision Manager 7 | MyFaces | Not affected | ||
| Red Hat JBoss Enterprise Application Platform 6 | MyFaces | Not affected | ||
| Red Hat JBoss Enterprise Application Platform 7 | MyFaces | Not affected | ||
| Red Hat JBoss Enterprise Application Platform Continuous Delivery | MyFaces | Not affected | ||
| Red Hat JBoss Fuse 6 | MyFaces | Not affected | ||
| Red Hat Process Automation 7 | MyFaces | Not affected |
Показывать по
Дополнительная информация
Статус:
7.5 High
CVSS3
Связанные уязвимости
Multiple directory traversal vulnerabilities in MyFaces JavaServer Faces (JSF) in Apache MyFaces Core 2.0.x before 2.0.12 and 2.1.x before 2.1.6 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) ln parameter to faces/javax.faces.resource/web.xml or (2) the PATH_INFO to faces/javax.faces.resource/.
Multiple directory traversal vulnerabilities in MyFaces JavaServer Fac ...
7.5 High
CVSS3