CVE-2019-14312
Published 2019-08-09
Priority: P3 · 52 · medium · 6.5 (CVSS 3.0)
Vector: AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:N / A:N
EXPLOIT
EPSS: 20.59% (97.2th percentile)
Aptana Jaxer 1.0.3.4547 is vulnerable to a local file inclusion vulnerability in the wikilite source code viewer. This vulnerability allows a remote attacker to read internal files on the server via a tools/sourceViewer/index.html?filename=../ URI.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| aptana | jaxer | — | — |
Detection & IOCs
url: /tools/sourceViewer/index.html?filename=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd
- Monitor HTTP GET requests to the path /tools/sourceViewer/index.html containing directory traversal sequences (e.g., ../ or URL-encoded ..%2f) in the 'filename' parameter, which indicates exploitation of the LFI vulnerability.
- Alert on HTTP responses with status 200 that contain the pattern 'root:.*:0:0:' in the body, indicating successful /etc/passwd file read via LFI.
- The vulnerable endpoint is specifically within the wikilite demo's source code viewer; look for requests to /aptana/tools/sourceViewer/index.html on port 8081.
- Exploitation requires the attacker to have access to the Aptana Jaxer web application and the Samples and Tools page with the wikilite demo enabled.
- The vulnerability was tested on Linux; path traversal depth and target files may differ on other operating systems.
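The request and response checks listed above, sketched as an access-log scanner. This is an added example, not code from the advisory or from any source this page indexes; it assumes combined-format access logs, and the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

ENDPOINT = "/tools/sourceViewer/index.html"   # vulnerable path named on this page
PASSWD_RE = re.compile(r"root:.*:0:0:")        # response-body pattern from this page
# Assumption: Apache/nginx "combined" access-log format.
LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3}) ')

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded ..%252f is also caught."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal_request(target):
    """True if target hits the source viewer with a '..' segment in 'filename'."""
    parts = urlsplit(target)
    if not fully_decode(parts.path).endswith(ENDPOINT):
        return False
    # parse_qs decodes once; fully_decode strips any remaining encoding layers.
    for raw in parse_qs(parts.query, keep_blank_values=True).get("filename", []):
        name = fully_decode(raw).replace("\\", "/")
        if ".." in name.split("/"):
            return True
    return False

def scan_log(lines):
    """Return (line_no, status) for each GET matching the traversal pattern."""
    hits = []
    for no, line in enumerate(lines, 1):
        m = LOG_RE.search(line)
        if m and m["method"] == "GET" and is_traversal_request(m["target"]):
            hits.append((no, int(m["status"])))
    return hits

def body_leaks_passwd(status, body):
    """Second rule above: a 200 response whose body looks like /etc/passwd."""
    return status == 200 and PASSWD_RE.search(body) is not None

# Constructed sample log lines (documentation IP range), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [09/Aug/2019:10:00:01 +0000] "GET /aptana/tools/sourceViewer/index.html?filename=wikilite/index.html HTTP/1.1" 200 5120 "-" "-"',
    '198.51.100.7 - - [09/Aug/2019:10:00:09 +0000] "GET /aptana/tools/sourceViewer/index.html?filename=..%2f..%2f..%2fetc%2fpasswd HTTP/1.1" 200 1843 "-" "-"',
    '198.51.100.7 - - [09/Aug/2019:10:00:15 +0000] "GET /aptana/tools/sourceViewer/index.html?filename=..%252f..%252fetc%252fpasswd HTTP/1.1" 404 210 "-" "-"',
    '198.51.100.7 - - [09/Aug/2019:10:00:20 +0000] "GET /index.html?filename=../x HTTP/1.1" 200 100 "-" "-"',
]
```

`scan_log(SAMPLE_LOG)` flags lines 2 and 3; a flagged request that returned status 200 is the one to pair with the response-body check.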
CVSS provenance
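| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 6.5 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |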
No detection rules found.
Exploit-DB
Aptana Jaxer 1.0.3.4547 - Local File inclusion
exploitdb·2019-08-08·CVSS 6.5
---
# Exploit Title: Aptana Jaxer Remote Local File inclusion
# Date: 8/8/2019
# Exploit Author: Steph Jensen
# Vendor Homepage: [http://www.jaxer.org](http://www.jaxer.org/category/uncategorized/)
# Version: 1.0.3.4547
# Tested on: Linux
# CVE : CVE-2019-14312
Aptana Jaxer 1.0.3.4547 is vulnerable to a local file inclusion vulnerability in the wikilite source code viewer. This vulnerability allows a remote attacker to read internal files on the server via tools/sourceViewer/index.html?filename=../ URI.
To exploit this vulnerability an attacker must have access to the Aptana Jaxer web application. The Samples and Tools page will have the wikilite demo. After opening the wikilite demo the source code can be viewed by clicking the html butto
Nuclei
Aptana Jaxer 1.0.3.4547 - Local File inclusion
nuclei·CVSS 6.5
Aptana Jaxer 1.0.3.4547 is vulnerable to local file inclusion in the wikilite source code viewer. An attacker can read internal files on the server via a tools/sourceViewer/index.html?filename=../ URI.
Template:
```yaml
id: CVE-2019-14312
info:
  name: Aptana Jaxer 1.0.3.4547 - Local File inclusion
  author: daffainfo
  severity: medium
  description: Aptana Jaxer 1.0.3.4547 is vulnerable to local file inclusion in the wikilite source code viewer. An attacker can read internal files on the server via a tools/sourceViewer/index.html?filename=../ URI.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server, leading to unauthorized access and potential data leakage.
  remediation: |
    Upgrade to a pat
```
No writeups or analysis indexed.