CVE-2019-0225

7.5HIGH

Key Information:

Vendor: Apache
Status: Apache Jspwiki
Vendor: CVE Published:; 28 March 2019

Summary

A specially crafted url could be used to access files under the ROOT directory of the application on Apache JSPWiki 2.9.0 to 2.11.0.M2, which could be used by an attacker to obtain registered users' details.

Affected Version(s)

Apache JSPWiki Apache JSPWiki 2.9.0 to 2.11.0.M2

References

https://lists.apache.org/thread.html/4f19fdbd8b9c4caf6137...

mailing-listx_refsource_MLIST

https://lists.apache.org/thread.html/6251c06cb11e0b495066...

mailing-listx_refsource_MLIST

http://www.openwall.com/lists/oss-security/2019/03/26/2

mailing-listx_refsource_MLIST

EPSS Score

28% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 28, 2019
Vulnerability Reserved
Nov 14, 2018