Local File Inclusion Vulnerability in Apache JSPWiki Affects User Data
CVE-2019-0225

7.5HIGH

Key Information:

Vendor: Apache
Status: Apache Jspwiki
Vendor: CVE Published:; 28 March 2019

Summary

A vulnerability in Apache JSPWiki allows attackers to exploit a specially crafted URL, potentially leading to unauthorized access of files located in the ROOT directory of the application. This flaw affects versions 2.9.0 through 2.11.0.M2 and can be leveraged to obtain sensitive information, including registered users' details.

Affected Version(s)

Apache JSPWiki Apache JSPWiki 2.9.0 to 2.11.0.M2

References

https://lists.apache.org/thread.html/4f19fdbd8b9c4caf6137...

mailing-listx_refsource_MLIST

https://lists.apache.org/thread.html/6251c06cb11e0b495066...

mailing-listx_refsource_MLIST

http://www.openwall.com/lists/oss-security/2019/03/26/2

mailing-listx_refsource_MLIST

EPSS Score

28% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 28, 2019
Vulnerability Reserved
Nov 14, 2018

.