Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2013-3827 — Path Traversal in Oracle Fusion Middleware

CWE-22 — Path Traversal11 documents11 sources

Severity

5.0MEDIUMNVD

EPSS

91.6%

top 0.32%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Oracle Fusion Middleware

Timeline

PublishedOct 16

Latest updateMay 17

Description

Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2; the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.2.3.0, 11.1.2.4.0, and 12.1.2.0.0; and the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0 and 12.1.1 allows remote attackers to affect confidentiality via unknown vectors related to Java Server Faces or Web Container.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDoracle/fusion_middleware8 versions+7

🔴Vulnerability Details

GHSA

Path Traversal in Eclipse Mojarra↗2022-05-17

▶

OSV

Path Traversal in Eclipse Mojarra↗2022-05-17

▶

CVEList

CVE-2013-3827: Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2↗2013-10-16

▶

VulnCheck

Oracle GlassFish Server, JDeveloper, and WebLogic Server Components Remote Confidentiality Vulnerability↗2013

▶

💥Exploits & PoCs

Exploit-DB

Oracle GlassFish Server 2.1.1/3.0.1 - Multiple Subcomponent Resource Identifier Traversal Arbitrary File Access↗2013-10-15

▶

Nuclei

Javafaces LFI

▶

🔍Detection Rules

Suricata

ET WEB_SPECIFIC_APPS Oracle JSF2 Path Traversal Attempt↗2013-10-17

▶

📋Vendor Advisories

Red Hat

JSF2: Multiple Information Disclosure flaws due to unsafe path traversal↗2013-10-17

▶

💬Community

HackerOne

https://██████/ Vulnerable to CVE-2013-3827 (Directory-traversal vulnerability)↗2021-08-26

▶

Bugzilla

CVE-2013-3827 Mojarra JSF2: Multiple Information Disclosure flaws due to unsafe path traversal↗2013-12-06

▶