cvelist | Apache | CVELIST:CVE-2021-44140
History: Nov 24, 2021 - 11:15 a.m.

CVE-2021-44140 Arbitrary file deletion on logout

2021-11-24 11:15:14
apache
www.cve.org
5
arbitrary file deletion
remote attackers
jspwiki
apache
cve-2021-44140

AI Score

9.4

Confidence

High

EPSS

0.005

Percentile

75.7%

Remote attackers may delete arbitrary files on a system hosting a JSPWiki instance, versions up to 2.11.0.M8, by using a carefully crafted HTTP request on logout, given that those files are reachable to the user running the JSPWiki instance. Apache JSPWiki users should upgrade to 2.11.0 or later.

CNA Affected

[
  {
    "product": "Apache JSPWiki",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThanOrEqual": "2.11.0.M8",
        "status": "affected",
        "version": "Apache JSPWiki",
        "versionType": "custom"
      }
    ]
  }
]
