CVE-2019-14312
published 2019-08-09


Priority: P3 · 52 · medium
CVSS 3.0: 6.5 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
EXPLOIT
EPSS: 20.59% (97.2th percentile)
Aptana Jaxer 1.0.3.4547 is vulnerable to a local file inclusion vulnerability in the wikilite source code viewer. This vulnerability allows a remote attacker to read internal files on the server via a tools/sourceViewer/index.html?filename=../ URI.

Affected

1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| aptana | jaxer | | |

Detection & IOCs (extracted from sources)

url: /tools/sourceViewer/index.html?filename=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd
path: /tools/sourceViewer/index.html
port: 8081
  • Monitor HTTP GET requests to the path /tools/sourceViewer/index.html containing directory traversal sequences (e.g., ../ or URL-encoded ..%2f) in the 'filename' parameter, which indicates exploitation of the LFI vulnerability.
  • Alert on HTTP responses with status 200 that contain the pattern 'root:.*:0:0:' in the body, indicating successful /etc/passwd file read via LFI.
  • The vulnerable endpoint is specifically within the wikilite demo's source code viewer; look for requests to /aptana/tools/sourceViewer/index.html on port 8081.
  • Exploitation requires the attacker to have access to the Aptana Jaxer web application and the Samples and Tools page with the wikilite demo enabled.
  • The vulnerability was tested on Linux; path traversal depth and target files may differ on other operating systems.
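
The request and response checks described in the bullets above, combined into one classifier. This is an added example, not code from the advisory or from Aptana; the event tuple layout, the function names and the sample events are constructed assumptions, and the repeated percent-decoding goes slightly beyond the listed patterns so that double-encoded separators are also caught.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

VIEWER_PATH = "/tools/sourceViewer/index.html"  # endpoint named in the entry
PASSWD_RE = re.compile(r"root:.*:0:0:")         # response pattern named in the entry

def fully_decode(value, max_rounds=5):
    """Percent-decode until stable so ..%2f and ..%252f both normalise to ../"""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal_request(method, target):
    """GET to the source viewer whose 'filename' value contains a '..' path segment."""
    parts = urlsplit(target)
    if method.upper() != "GET" or not fully_decode(parts.path).endswith(VIEWER_PATH):
        return False
    for value in parse_qs(parts.query, keep_blank_values=True).get("filename", []):
        # Split on both separators; match whole segments so 'notes..txt' is not flagged.
        if ".." in re.split(r"[/\\]", fully_decode(value)):
            return True
    return False

def classify(method, target, status, body):
    """Return 'ignore', 'alert-attempt' or 'alert-confirmed-read' for one HTTP event."""
    if not is_traversal_request(method, target):
        return "ignore"
    if status == 200 and PASSWD_RE.search(body):
        return "alert-confirmed-read"
    return "alert-attempt"

# Constructed sample events: (method, request target, response status, response body)
SAMPLE_EVENTS = [
    ("GET", "/aptana/tools/sourceViewer/index.html?filename=..%2f..%2f..%2fetc%2fpasswd",
     200, "root:x:0:0:root:/root:/bin/bash\n"),
    ("GET", "/aptana/tools/sourceViewer/index.html?filename=..%252f..%252fetc%252fpasswd",
     404, ""),
    ("GET", "/aptana/tools/sourceViewer/index.html?filename=wikilite/notes..txt",
     200, "plain text"),
]

if __name__ == "__main__":
    for event in SAMPLE_EVENTS:
        print(classify(*event), event[1])
```

Matching on whole path segments rather than the substring `..` keeps ordinary file names with consecutive dots from raising alerts.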

CVSS provenance

nvd · v3.0 · 6.5 MEDIUM · CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd · v2.0 · 4.0 MEDIUM · AV:N/AC:L/Au:S/C:P/I:N/A:N