CVE-2011-4367 in MyFacesinformación

Resumen

por MITRE

Multiple directory traversal vulnerabilities in MyFaces JavaServer Faces (JSF) in Apache MyFaces Core 2.0.x before 2.0.12 and 2.1.x before 2.1.6 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) ln parameter to faces/javax.faces.resource/web.xml or (2) the PATH_INFO to faces/javax.faces.resource/.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Reservar

2011-11-04

Divulgación

2014-06-19

Moderación

aceptado

Artículo

VDB-70105

CPE

listo

CWE

CWE-22 (confirmado)

Explotación

Descargar

CVSS

5.0 (NVD)

EPSS

0.85920

KEV

Actividades

muy bajo

Fuentes

MITRE	https://www.cve.org/CVERecord?id=CVE-2011-4367
NVD	https://nvd.nist.gov/vuln/detail/CVE-2011-4367
CVE Details	https://www.cvedetails.com/cve/CVE-2011-4367/

◂ Anterior Visión De Conjunto Próximo ▸

Interested in the pricing of exploits?

See the underground prices here!