CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 0CVE-2011-4343
https://notcve.org/view.php?id=CVE-2011-4343
08 Aug 2017 — Information disclosure vulnerability in Apache MyFaces Core 2.0.1 through 2.0.10 and 2.1.0 through 2.1.4 allows remote attackers to inject EL expressions via crafted parameters. Una vulnerabilidad de revelación de información en Apache MyFaces Core en sus versiones 2.0.1 a2.0.10 y 2.1.0 a 2.1.4 permite que atacantes remotos inyecten expresiones EL mediante parámetros manipulados. • http://marc.info/?l=full-disclosure&m=132313252814362 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 87%CPEs: 2EXPL: 4CVE-2011-4367 – Apache MyFaces - 'ln' Information Disclosure
https://notcve.org/view.php?id=CVE-2011-4367
19 Jun 2014 — Multiple directory traversal vulnerabilities in MyFaces JavaServer Faces (JSF) in Apache MyFaces Core 2.0.x before 2.0.12 and 2.1.x before 2.1.6 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) ln parameter to faces/javax.faces.resource/web.xml or (2) the PATH_INFO to faces/javax.faces.resource/. Múltiples vulnerabilidades de salto de directorio en MyFaces JavaServer Faces (JSF) en Apache MyFaces Core 2.0.x anterior a 2.0.12 y 2.1.x anterior a 2.1.6 permiten a atacantes remotos l... • https://www.exploit-db.com/exploits/36681 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •