Local File Inclusion Vulnerability in Apache JSPWiki Affects User Data
CVE-2019-0225

7.5HIGH

Key Information:

Vendor: Apache
Status: Apache Jspwiki
Vendor: CVE Published:; 28 March 2019

🔔 Create Apache Vulnerability Alert

What is CVE-2019-0225?

A vulnerability in Apache JSPWiki allows attackers to exploit a specially crafted URL, potentially leading to unauthorized access of files located in the ROOT directory of the application. This flaw affects versions 2.9.0 through 2.11.0.M2 and can be leveraged to obtain sensitive information, including registered users' details.

Affected Version(s)

Apache JSPWiki Apache JSPWiki 2.9.0 to 2.11.0.M2

References

https://lists.apache.org/thread.html/4f19fdbd8b9c4caf6137...

mailing-listx_refsource_MLIST

https://lists.apache.org/thread.html/6251c06cb11e0b495066...

mailing-listx_refsource_MLIST

http://www.openwall.com/lists/oss-security/2019/03/26/2

mailing-listx_refsource_MLIST

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 28, 2019
Vulnerability Reserved
Nov 14, 2018

.