PT-2020-1329 · Oracle+1 · Oracle Weblogic Server+1

Published: 2020-01-14 · Updated: 2025-11-12 · CVE-2020-6950

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Eclipse Mojarra versions prior to 2.3.14
Oracle WebLogic Server (affected versions not specified)

Description

The issue allows attackers to read arbitrary files or affect the system via the HTTP protocol. It is related to a lack of protection for service data in the Web Container component of Oracle WebLogic Server, which uses JavaServer Faces. The loc parameter or con parameter can be used to exploit this issue.

Recommendations

For Eclipse Mojarra versions prior to 2.3.14, update to version 2.3.14 or later. For Oracle WebLogic Server, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Path traversal

Weakness Enumeration

Related Identifiers

BDU:2020-00232
CVE-2020-6950
GHSA-RPQ8-MMWH-Q9HM
OESA-2021-1229
RHSA-2020:2511
RHSA-2020:2512
RHSA-2020:2513
RHSA-2020:3637
RHSA-2020:3638
RHSA-2020:3639

Affected Products

Eclipse Mojarra
Oracle WebLogic Server