Multiple directory traversal vulnerabilities in MyFaces JavaServer Faces (JSF) in Apache MyFaces Core 2.0.x prior to 2.0.12 and 2.1.x prior to 2.1.6 allow remote malicious users to read arbitrary files via a .. (dot dot) in the (1) ln parameter to faces/javax.faces.resource/web.xml or (2) the PATH_INFO to faces/javax.faces.resource/.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache myfaces |