3 results (0.036 seconds)

CVSS: 6.5EPSS: 5%CPEs: 13EXPL: 0

CVE-2020-6950 – Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371

https://notcve.org/view.php?id=CVE-2020-6950

Directory traversal in Eclipse Mojarra before 2.3.14 allows attackers to read arbitrary files via the loc parameter or con parameter. Una vulnerabilidad de Salto de Directorio en Eclipse Mojarra versiones anteriores a 2.3.14, permite a atacantes leer archivos arbitrarios por medio del parámetro loc o del parámetro con A flaw was found in Eclipse Mojarra before version 2.3.14, where it is vulnerable to a path traversal flaw via the loc parameter or the con parameter. An attacker could exploit this flaw to read arbitrary files. • https://bugs.eclipse.org/bugs/show_bug.cgi?id=550943 https://github.com/eclipse-ee4j/mojarra/commit/cefbb9447e7be560e59da2da6bd7cb93776f7741 https://github.com/eclipse-ee4j/mojarra/issues/4571 https://www.oracle.com/security-alerts/cpuapr2022.html https://www.oracle.com/security-alerts/cpujan2022.html https://www.oracle.com/security-alerts/cpuoct2021.html https://access.redhat.com/security/cve/CVE-2020-6950 https://bugzilla.redhat.com/show_bug.cgi?id=1805006 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2018-14371 – mojarra: Path traversal in ResourceManager.java:getLocalePrefix() via the loc parameter

https://notcve.org/view.php?id=CVE-2018-14371

The getLocalePrefix function in ResourceManager.java in Eclipse Mojarra before 2.3.7 is affected by Directory Traversal via the loc parameter. A remote attacker can download configuration files or Java bytecodes from applications. La función getLocalePrefix en ResourceManager.java en Eclipse Mojarra en versiones anteriores a la 2.3.7 se ha visto afectada por un salto de directorio mediante el parámetro loc. Un atacante remoto puedes descargar archivos de configuración o bytecodes de Java desde las aplicaciones. • https://github.com/eclipse-ee4j/mojarra/commit/1b434748d9239f42eae8aa7d37d7a0930c061e24 https://github.com/javaserverfaces/mojarra/issues/4364 https://access.redhat.com/security/cve/CVE-2018-14371 https://bugzilla.redhat.com/show_bug.cgi?id=1607709 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 4.3EPSS: 0%CPEs: 34EXPL: 0

CVE-2013-5855 – JSF: XSS due to insufficient escaping of user-supplied content in outputText tags and EL expressions

https://notcve.org/view.php?id=CVE-2013-5855

Oracle Mojarra 2.2.x before 2.2.6 and 2.1.x before 2.1.28 does not perform appropriate encoding when a (1) <h:outputText> tag or (2) EL expression is used after a scriptor style block, which allows remote attackers to conduct cross-site scripting (XSS) attacks via application-specific vectors. Oracle Mojarra 2.2.x anterior a 2.2.6 y 2.1.x anterior a 2.1.28 no realiza la codificación debida cuando se utilice (1) una etiqueta o (2) una expresión EL después de un bloque del estilo scriptor, lo que permite a atacantes remotos realizar ataques de XSS a través de vectores específicos de una aplicación. It was found that Mojarra JavaServer Faces did not properly escape user-supplied content in certain circumstances. Contents of outputText tags and raw EL expressions that immediately follow script or style elements were not escaped. A remote attacker could use a specially crafted URL to execute arbitrary web script in the user's browser. • http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/JSF-outputText-tag-the-good-the-bad-and-the-ugly/ba-p/6368011#.U8ccVPlXZHU http://rhn.redhat.com/errata/RHSA-2015-0675.html http://rhn.redhat.com/errata/RHSA-2015-0720.html http://rhn.redhat.com/errata/RHSA-2015-0765.html http://seclists.org/fulldisclosure/2014/Dec/23 http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html http:/ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •