2 matches found
CVE-2020-6950
Summary of CVE-2020-6950 (Eclipse Mojarra Local File Read) The Nuclei template confirms a directory traversal vulnerability in Eclipse Mojarra before 2.3.14 that allows reading arbitrary files via the loc or con parameter. Affected component is Mojarra (JavaServer Faces) in versions prior to 2.3....
CVE-2018-14371
CVE-2018-14371 affects Eclipse Mojarra (JSF) prior to 2.3.7. The getLocalePrefix function in ResourceManager.java suffers a Directory Traversal via the loc parameter, enabling a remote attacker to download configuration files or Java bytecode from applications. Remediation: upgrade Mojarra to 2.3...