Lucene search

Ubuntu.comUB:CVE-2019-0225

HistoryMar 28, 2019 - 12:00 a.m.

CVE-2019-0225

2019-03-2800:00:00

ubuntu.com

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.719 High

EPSS

Percentile

98.1%

JSON

A specially crafted url could be used to access files under the ROOT
directory of the application on Apache JSPWiki 2.9.0 to 2.11.0.M2, which
could be used by an attacker to obtain registered users’ details.

References

issues.apache.org/jira/browse/JSPWIKI-1095

launchpad.net/bugs/cve/CVE-2019-0225

nvd.nist.gov/vuln/detail/CVE-2019-0225

security-tracker.debian.org/tracker/CVE-2019-0225

www.cve.org/CVERecord?id=CVE-2019-0225

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.719 High

EPSS

Percentile

98.1%

JSON

Related for UB:CVE-2019-0225