9 matches found
CVE-2025-55749
XWiki is an open-source wiki software platform. From 16.7.0 to 16.10.11, 17.4.4, or 17.7.0, in an instance which is using the XWiki Jetty package XJetty, a context is exposed to statically access any file located in the webapp/ folder. It allows accessing files which might contain credentials...
EUVD-2025-200075
XWiki is an open-source wiki software platform. From 16.7.0 to 16.10.11, 17.4.4, or 17.7.0, in an instance which is using the XWiki Jetty package XJetty, a context is exposed to statically access any file located in the webapp/ folder. It allows accessing files which might contain credentials...
CVE-2025-55749 The XWiki Jetty package (XJetty) allows accessing any application file through URL
XWiki is an open-source wiki software platform. From 16.7.0 to 16.10.11, 17.4.4, or 17.7.0, in an instance which is using the XWiki Jetty package XJetty, a context is exposed to statically access any file located in the webapp/ folder. It allows accessing files which might contain credentials...
CVE-2025-55749 The XWiki Jetty package (XJetty) allows accessing any application file through URL
XWiki is an open-source wiki software platform. From 16.7.0 to 16.10.11, 17.4.4, or 17.7.0, in an instance which is using the XWiki Jetty package XJetty, a context is exposed to statically access any file located in the webapp/ folder. It allows accessing files which might contain credentials...
CVE-2025-55749
XWiki Jetty package (XJetty) exposes a context that allows static access to files under webapp/, leading to information disclosure of potentially credential-bearing files. Affected versions are 16.7.0–16.10.11, 17.4.4, and 17.7.0. The issue is fixed in 16.10.11, 17.4.4, and 17.7.0. Connected data...
XWiki Jetty Package (XJetty) allows accessing any application file through URL
Impact: In an instance which is using the XWiki Jetty package XJetty, a context is exposed to statically access any file located in the webapp/ folder. It allows accessing files which might contain credentials, like http://myhots/webapps/xwiki/WEB-INF/xwiki.cfg,...
PT-2025-48545
Name of the Vulnerable Software and Affected Versions: XWiki versions 16.7.0 through 16.10.11; XWiki versions 17.4.0 through 17.4.4; XWiki version 17.7.0. Description: XWiki, an open-source wiki software platform, has an issue where the XWiki Jetty package XJetty exposes a context allowing static acce...
Apache Tapestry Information Disclosure (CVE-2020-13953)
An information disclosure vulnerability exists in Apache Tapestry. This vulnerability is due to URL manipulation that allows Java webapp files inside WEB-INF to be listed and downloaded...
Information Disclosure
tapestry-core is vulnerable to information disclosure. Mishandling of URLs allows an attacker to use a malicious URL to list and download the Java webapp files from WEB-INF of the WAR being run...