CVE-2011-4367 in MyFacesinformação

Sumário

de MITRE

Multiple directory traversal vulnerabilities in MyFaces JavaServer Faces (JSF) in Apache MyFaces Core 2.0.x before 2.0.12 and 2.1.x before 2.1.6 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) ln parameter to faces/javax.faces.resource/web.xml or (2) the PATH_INFO to faces/javax.faces.resource/.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Reservar

04/11/2011

Divulgação

19/06/2014

Moderação

aceite

Entrada

VDB-70105

CPE

pronto

CWE

CWE-22 (confirmado)

Exploração

Descarregar

CVSS

5.0 (NVD)

EPSS

0.85920

KEV

não

Atividades

muito baixo

Fontes

MITRE	https://www.cve.org/CVERecord?id=CVE-2011-4367
NVD	https://nvd.nist.gov/vuln/detail/CVE-2011-4367
CVE Details	https://www.cvedetails.com/cve/CVE-2011-4367/

◂ Voltar Visão Geral Próximo ▸

Might our Artificial Intelligence support you?

Check our Alexa App!