Description

A specially crafted url could be used to access files under the ROOT directory of the application on Apache JSPWiki 2.9.0 to 2.11.0.M2, which could be used by an attacker to obtain registered users' details.

Remediation

References

http://www.openwall.com/lists/oss-security/2019/03/26/2

http://www.securityfocus.com/bid/107627

https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-0225

https://lists.apache.org/thread.html/03ddbcb1d6322e04734e65805a147a32bcfdb71b8fc5821fb046ba8d%40%3Cannounce.apache.org%3E

https://lists.apache.org/thread.html/4f19fdbd8b9c4caf6137a459d723f4ec60379b033ed69277eb4e0af9%40%3Cuser.jspwiki.apache.org%3E

https://lists.apache.org/thread.html/6251c06cb11e0b495066be73856592dbd7ed712487ef283d10972831%40%3Cdev.jspwiki.apache.org%3E

https://lists.apache.org/thread.html/aac253cfc33c0429b528e2fcbe82d3a42d742083c528f58d192dfd16%40%3Ccommits.jspwiki.apache.org%3E

https://lists.apache.org/thread.html/e42d6e93384d4a33e939989cd00ea2a06ccf1e7bb1e6bdd3bf5187c1%40%3Ccommits.jspwiki.apache.org%3E

Related Vulnerabilities

CVE-2023-42794 Vulnerability in maven package org.apache.tomcat:tomcat-catalina

CVE-2022-24709 Vulnerability in npm package @awsui/components-react

CVE-2023-50774 Vulnerability in maven package org.jenkins-ci.plugins:htmlresource

CVE-2019-10769 Vulnerability in npm package safer-eval

CVE-2021-25329 Vulnerability in maven package org.apache.tomcat:tomcat-catalina

Severity

High

Classification

CWE-22 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Mailing List Third Party Advisory VDB Entry Vendor Advisory