Directory Traversal Vulnerabilities in MyFaces JavaServer Faces by Apache
CVE-2011-4367

Currently unrated

Key Information:

Vendor: Apache
Status: Myfaces
Vendor: CVE Published:; 19 June 2014

What is CVE-2011-4367?

Multiple directory traversal vulnerabilities exist in Apache MyFaces JavaServer Faces that allow remote attackers to access sensitive files on the server. This occurs through the manipulation of parameters, enabling unauthorized reading of arbitrary files, posing a significant risk to the integrity of data and application security. The affected versions of MyFaces Core allow attackers to exploit both the ln parameter in the resource handling and the PATH_INFO component, leading to potential information disclosure.

References

http://seclists.org/fulldisclosure/2012/Feb/150

mailing-listx_refsource_FULLDISC

http://osvdb.org/show/osvdb/79002

vdb-entryx_refsource_OSVDB

https://exchange.xforce.ibmcloud.com/vulnerabilities/73100

vdb-entryx_refsource_XF

EPSS Score

86% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 19, 2014
Vulnerability Reserved
Nov 4, 2011