14 matches found
CVE-2023-37525
A sensitive information disclosure in HCL BigFix Compliance allows a remote attacker to access files under the WEB-INF directory, which may contain Java class files and configuration information, leading to unauthorized access to application internals...
HCL BigFix Compliance security vulnerabilities
HCL BigFix Compliance is a continuous monitoring and application terminal security setting implemented by HCL Company in India, aimed at ensuring compliance with regulations or organizational security policies. HCL BigFix Compliance has security vulnerabilities; these vulnerabilities stem from...
PT-2026-5197
Name of the Vulnerable Software and Affected Versions: HCL BigFix Compliance (affected versions not specified). Description: A flaw exists in HCL BigFix Compliance that allows a remote attacker to access files within the WEB-INF directory. These files may include Java class files and configuration...
GHSA-53GX-J3P6-2RW9 XWiki Jetty Package (XJetty) allows accessing any application file through URL
Impact: In an instance which is using the XWiki Jetty package (XJetty), a context is exposed to statically access any file located in the webapp/ folder. It allows accessing files which might contain credentials, like http://myhots/webapps/xwiki/WEB-INF/xwiki.cfg,...
PT-2023-20727 · Syncro Soft · Oxygen Content Fusion +1
Name of the Vulnerable Software and Affected Versions: Oxygen XML Web Author versions prior to 25.0.0.3 build 2023021715; Oxygen Content Fusion versions prior to 5.0.3 build 2023022015. Description: A directory traversal issue allows an attacker to read files from a WEB-INF directory via a crafted...
SUSE CVE-2020-27216
In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix-like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub...
GHSA-GHM8-MMX7-XVG2 Information Exposure in Apache Tapestry
An information exposure vulnerability in the context asset handling of Apache Tapestry allows an attacker to download files inside WEB-INF by using a specially constructed URL. This was caused by an incomplete fix for CVE-2020-13953. This issue affects Apache Tapestry 5.4.0 version to...
Apache Tapestry Information Disclosure (CVE-2021-30638)
An information disclosure vulnerability exists in Apache Tapestry. A URL manipulation via smuggled backslashes allows Java webapp files inside WEB-INF to be listed and downloaded...
PT-2021-18781 · Apache · Apache Tapestry
Name of the Vulnerable Software and Affected Versions: Apache Tapestry versions 5.4.0 through 5.6.3. Description: The issue allows an attacker to download files inside WEB-INF using a specially constructed URL, due to an incomplete fix for a previous issue. This affects the context asset handling of...
Crowd security vulnerability
Atlassian Crowd is a Web-based single sign-on system from Atlassian Australia. The system provides authentication, authorization and other features for multi-user, web applications and directory servers. A security vulnerability exists in Crowd before version 4.0.4, and from version 4.1.0 before...
CVE-2020-29453
The CachingResourceDownloadRewriteRule class in Jira Server and Jira Data Center before version 8.5.11, from 8.6.0 before 8.13.3, and from 8.14.0 before 8.15.0 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access che...
CVE-2020-29448
The ConfluenceResourceDownloadRewriteRule class in Confluence Server and Confluence Data Center before version 6.13.18, from 6.14.0 before 7.4.6, and from 7.5.0 before 7.8.3 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect...
Atlassian Confluence Server and Confluence Data Center Security Vulnerabilities
Atlassian Confluence Server and Atlassian Confluence are both products of Atlassian Australia. Atlassian Confluence Server is the server version of a suite of collaboration software with enterprise knowledge management capabilities and support for building enterprise wikis. Atlassian Confluence is ...