CVE-2018-14371

CWE-22 — Path Traversal12 documents8 sources

Severity

7.5HIGH

EPSS

2.5%

top 14.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Eclipse Mojarra

Timeline

PublishedJul 18

Latest updateApr 15

Description

The getLocalePrefix function in ResourceManager.java in Eclipse Mojarra before 2.3.7 is affected by Directory Traversal via the loc parameter. A remote attacker can download configuration files or Java bytecodes from applications.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDeclipse/mojarra< 2.3.7

▶Mavenorg.glassfish:mojarra-parent< 2.3.7

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

Path Traversal in Eclipse Mojarra↗2022-05-14

▶

OSV

Path Traversal in Eclipse Mojarra↗2022-05-14

▶

CVEList

CVE-2018-14371: The getLocalePrefix function in ResourceManager↗2018-07-18

▶

OSV

CVE-2018-14371: The getLocalePrefix function in ResourceManager↗2018-07-18

▶

📋Vendor Advisories

Oracle

Oracle Oracle Fusion Middleware Risk Matrix: ADF Faces (Eclipse Mojarra) — CVE-2018-14371↗2023-04-15

▶

Red Hat

Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371↗2020-02-20

▶

Red Hat

mojarra: Path traversal in ResourceManager.java:getLocalePrefix() via the loc parameter↗2018-07-18

▶

Debian

CVE-2018-14371: mojarra - The getLocalePrefix function in ResourceManager.java in Eclipse Mojarra before 2...↗2018

▶

💬Community

Bugzilla

CVE-2020-6950 Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371↗2020-02-20

▶

Bugzilla

CVE-2018-14371 mojarra: Path traversal in ResourceManager.java:getLocalePrefix() via the loc parameter [fedora-all]↗2018-07-24

▶

Bugzilla

CVE-2018-14371 mojarra: Path traversal in ResourceManager.java:getLocalePrefix() via the loc parameter↗2018-07-24

▶