PT-2019-11199 · Apache · Apache Jspwiki

Published: 2019-03-28 · Updated: 2020-03-09 · CVE-2019-0225

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Apache JSPWiki versions 2.9.0 through 2.11.0.M2
Description: A specially crafted URL could be used to access files under the ROOT directory of the application, potentially allowing an attacker to obtain registered users' details.
Recommendations: For Apache JSPWiki versions 2.9.0 through 2.11.0.M2, consider restricting access to sensitive files and directories under the ROOT directory until a patch is available. As a temporary workaround, limit the information stored in accessible files to minimize the risk of data exposure.

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2019-0225
GHSA-PFFW-P2Q5-W6VH

Affected Products

Apache Jspwiki