CVE-2019-0225 — Path Traversal in Apache Jspwiki

CWE-22 — Path Traversal4 documents4 sources

Severity

7.5HIGHNVD

EPSS

3.4%

top 12.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Jspwiki Apache Jspwiki

Timeline

PublishedMar 28

Latest updateApr 8

Description

A specially crafted url could be used to access files under the ROOT directory of the application on Apache JSPWiki 2.9.0 to 2.11.0.M2, which could be used by an attacker to obtain registered users' details.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDapache/jspwiki2.9.0 — 2.11.0+1

▶CVEListV5apache/apache_jspwikiApache JSPWiki 2.9.0 to 2.11.0.M2

🔴Vulnerability Details

OSV

Improper Limitation of a Pathname ('Path Traversal') in org.apache.jspwiki:jspwiki-war↗2019-04-08

▶

GHSA

Improper Limitation of a Pathname ('Path Traversal') in org.apache.jspwiki:jspwiki-war↗2019-04-08

▶

CVEList

CVE-2019-0225: A specially crafted url could be used to access files under the ROOT directory of the application on Apache JSPWiki 2↗2019-03-28

▶