Description
Directory traversal in Eclipse Mojarra before 2.3.14 allows attackers to read arbitrary files via the loc parameter or con parameter.
A path traversal flaw was found in Eclipse Mojarra before version 2.3.14, reachable via the loc parameter or the con parameter. An attacker could exploit this flaw to read arbitrary files.
Mitigation
There is no currently known mitigation for this flaw.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat CodeReady Studio 12 | jsf-impl | Will not fix | ||
| Red Hat Decision Manager 7 | jsf-impl | Not affected | ||
| Red Hat JBoss Enterprise Application Platform 6 | jsf-impl | Out of support scope | ||
| Red Hat JBoss Fuse 6 | jsf-impl | Out of support scope | ||
| Red Hat JBoss Fuse Service Works 6 | jsf-impl | Out of support scope | ||
| Red Hat JBoss Operations Network 3 | jsf-impl | Out of support scope | ||
| Red Hat OpenShift Application Runtimes | jsf-impl | Affected | ||
| Red Hat Process Automation 7 | jsf-impl | Not affected | ||
| Red Hat Satellite 5 | glassfish-jsf-impl | Out of support scope | ||
| EAP-CD 20 Tech Preview | jsf-impl | Fixed | RHSA-2020:3585 | 31.08.2020 |
Additional information
CVSS3: 6.5 Medium
Related vulnerabilities
A vulnerability in the Web Container (JavaServer Faces) component of the Oracle WebLogic Server application server that allows an attacker to disclose protected information