gsd-2019-0225
Vulnerability from gsd
Modified
2023-12-13 01:23
Details
A specially crafted url could be used to access files under the ROOT directory of the application on Apache JSPWiki 2.9.0 to 2.11.0.M2, which could be used by an attacker to obtain registered users' details.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2019-0225",
"description": "A specially crafted url could be used to access files under the ROOT directory of the application on Apache JSPWiki 2.9.0 to 2.11.0.M2, which could be used by an attacker to obtain registered users\u0027 details.",
"id": "GSD-2019-0225"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2019-0225"
],
"details": "A specially crafted url could be used to access files under the ROOT directory of the application on Apache JSPWiki 2.9.0 to 2.11.0.M2, which could be used by an attacker to obtain registered users\u0027 details.",
"id": "GSD-2019-0225",
"modified": "2023-12-13T01:23:39.754703Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2019-0225",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache JSPWiki",
"version": {
"version_data": [
{
"version_value": "Apache JSPWiki 2.9.0 to 2.11.0.M2"
}
]
}
}
]
},
"vendor_name": "Apache"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A specially crafted url could be used to access files under the ROOT directory of the application on Apache JSPWiki 2.9.0 to 2.11.0.M2, which could be used by an attacker to obtain registered users\u0027 details."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Local File Inclusion (limited ROOT folder) vulnerability leads to user information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[jspwiki-user] 20190326 [CVE-2019-0225] Apache JSPWiki Local File Inclusion (limited ROOT folder) vulnerability leads to user information disclosure",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/4f19fdbd8b9c4caf6137a459d723f4ec60379b033ed69277eb4e0af9@%3Cuser.jspwiki.apache.org%3E"
},
{
"name": "[jspwiki-dev] 20190326 [CVE-2019-0225] Apache JSPWiki Local File Inclusion (limited ROOT folder) vulnerability leads to user information disclosure",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/6251c06cb11e0b495066be73856592dbd7ed712487ef283d10972831@%3Cdev.jspwiki.apache.org%3E"
},
{
"name": "[oss-security] 20190326 [CVE-2019-0225] Apache JSPWiki Local File Inclusion (limited ROOT folder) vulnerability leads to user information disclosure",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/03/26/2"
},
{
"name": "[announce] 20190326 [CVE-2019-0225] Apache JSPWiki Local File Inclusion (limited ROOT folder) vulnerability leads to user information disclosure",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/03ddbcb1d6322e04734e65805a147a32bcfdb71b8fc5821fb046ba8d@%3Cannounce.apache.org%3E"
},
{
"name": "https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-0225",
"refsource": "CONFIRM",
"url": "https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-0225"
},
{
"name": "107627",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107627"
},
{
"name": "[jspwiki-commits] 20190329 [jspwiki-site] branch jbake updated: add CVE-2019-0224 and CVE-2019-0225 vulnerability disclosures",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/e42d6e93384d4a33e939989cd00ea2a06ccf1e7bb1e6bdd3bf5187c1@%3Ccommits.jspwiki.apache.org%3E"
},
{
"name": "[jspwiki-commits] 20190519 [jspwiki-site] branch jbake updated: added CVE-2019-10076, CVE-2019-10077 and CVE-2019-10078 vulnerability disclosures",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/aac253cfc33c0429b528e2fcbe82d3a42d742083c528f58d192dfd16@%3Ccommits.jspwiki.apache.org%3E"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "[2.9.0,2.11.0.M2]",
"affected_versions": "All versions starting from 2.9.0 up to 2.11.0.M2",
"cvss_v2": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-22",
"CWE-937"
],
"date": "2019-05-19",
"description": "A specially crafted url could be used to access files under the ROOT directory of the application on Apache JSPWiki which could be used by an attacker to obtain registered users\u0027 details.",
"fixed_versions": [
"2.11.0.M3"
],
"identifier": "CVE-2019-0225",
"identifiers": [
"CVE-2019-0225"
],
"not_impacted": "All versions before 2.9.0, all versions after 2.11.0.M2",
"package_slug": "maven/org.apache.jspwiki/jspwiki-war",
"pubdate": "2019-03-28",
"solution": "Upgrade to version 2.11.0.M3 or above.",
"title": "Path Traversal",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2019-0225",
"http://www.securityfocus.com/bid/107627",
"https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-0225"
],
"uuid": "93eb6307-f3fc-450e-ad8b-8014d0af9dab"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:jspwiki:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.11.0",
"versionStartIncluding": "2.9.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:jspwiki:2.11.0:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:jspwiki:2.11.0:milestone1-rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:jspwiki:2.11.0:milestone1-rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:jspwiki:2.11.0:milestone1-rc3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:jspwiki:2.11.0:milestone2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:jspwiki:2.11.0:milestone2-rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2019-0225"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A specially crafted url could be used to access files under the ROOT directory of the application on Apache JSPWiki 2.9.0 to 2.11.0.M2, which could be used by an attacker to obtain registered users\u0027 details."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[jspwiki-dev] 20190326 [CVE-2019-0225] Apache JSPWiki Local File Inclusion (limited ROOT folder) vulnerability leads to user information disclosure",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/6251c06cb11e0b495066be73856592dbd7ed712487ef283d10972831@%3Cdev.jspwiki.apache.org%3E"
},
{
"name": "[jspwiki-user] 20190326 [CVE-2019-0225] Apache JSPWiki Local File Inclusion (limited ROOT folder) vulnerability leads to user information disclosure",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/4f19fdbd8b9c4caf6137a459d723f4ec60379b033ed69277eb4e0af9@%3Cuser.jspwiki.apache.org%3E"
},
{
"name": "[announce] 20190326 [CVE-2019-0225] Apache JSPWiki Local File Inclusion (limited ROOT folder) vulnerability leads to user information disclosure",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/03ddbcb1d6322e04734e65805a147a32bcfdb71b8fc5821fb046ba8d@%3Cannounce.apache.org%3E"
},
{
"name": "https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-0225",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-0225"
},
{
"name": "[oss-security] 20190326 [CVE-2019-0225] Apache JSPWiki Local File Inclusion (limited ROOT folder) vulnerability leads to user information disclosure",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/03/26/2"
},
{
"name": "107627",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/107627"
},
{
"name": "[jspwiki-commits] 20190329 [jspwiki-site] branch jbake updated: add CVE-2019-0224 and CVE-2019-0225 vulnerability disclosures",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/e42d6e93384d4a33e939989cd00ea2a06ccf1e7bb1e6bdd3bf5187c1@%3Ccommits.jspwiki.apache.org%3E"
},
{
"name": "[jspwiki-commits] 20190519 [jspwiki-site] branch jbake updated: added CVE-2019-10076, CVE-2019-10077 and CVE-2019-10078 vulnerability disclosures",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/aac253cfc33c0429b528e2fcbe82d3a42d742083c528f58d192dfd16@%3Ccommits.jspwiki.apache.org%3E"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2020-03-09T20:07Z",
"publishedDate": "2019-03-28T22:29Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…