Local File Inclusion Vulnerability in Apache JSPWiki Affects User Data
CVE-2019-0225

7.5HIGH

Key Information:

Vendor

Apache
Status
Apache Jspwiki
Vendor
CVE Published:
28 March 2019

What is CVE-2019-0225?

A vulnerability in Apache JSPWiki allows attackers to exploit a specially crafted URL, potentially leading to unauthorized access of files located in the ROOT directory of the application. This flaw affects versions 2.9.0 through 2.11.0.M2 and can be leveraged to obtain sensitive information, including registered users' details.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Apache JSPWiki Apache JSPWiki 2.9.0 to 2.11.0.M2

References

https://lists.apache.org/thread.html/4f19fdbd8b9c4caf6137...
mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/6251c06cb11e0b495066...
mailing-listx_refsource_MLIST
http://www.openwall.com/lists/oss-security/2019/03/26/2
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.