Published: 19/06/2014 Updated: 04/08/2020

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 505

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Multiple directory traversal vulnerabilities in MyFaces JavaServer Faces (JSF) in Apache MyFaces Core 2.0.x prior to 2.0.12 and 2.1.x prior to 2.1.6 allow remote malicious users to read arbitrary files via a .. (dot dot) in the (1) ln parameter to faces/javax.faces.resource/web.xml or (2) the PATH_INFO to faces/javax.faces.resource/.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apache myfaces

source: wwwsecurityfocuscom/bid/51939/info Apache MyFaces is prone to a remote information-disclosure vulnerability Remote attackers can exploit this issue to obtain sensitive information that may aid in further attacks The following versions are affected: Apache MyFaces 201 through 2011 Apache MyFaces 210 through 215 http: ...

Apache MyFaces Core versions 201 to 2011 and 210 to 215 suffer from a remote file disclosure vulnerability ...

CWE-22 http://osvdb.org/show/osvdb/79002 http://www.securityfocus.com/bid/51939 http://secunia.com/advisories/47973 http://seclists.org/fulldisclosure/2012/Feb/150 http://mail-archives.apache.org/mod_mbox/myfaces-announce/201202.mbox/%3C4F33ED1F.4070007%40apache.org%3E https://exchange.xforce.ibmcloud.com/vulnerabilities/73100 https://nvd.nist.gov https://www.exploit-db.com/exploits/36681/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2011-4367

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect