5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
JavaServer Faces is vulnerable to directory traversals. A malicious user can access arbitrary files through a Uniform Resource Identifier or a through the library name.
rhn.redhat.com/errata/RHSA-2014-0029.html
security.coverity.com/advisory/2013/Oct/two-path-traversal-defects-in-oracles-jsf2-implementation.html
www.kb.cert.org/vuls/id/526012
www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
www.securityfocus.com/bid/63052
www.securitytracker.com/id/1029190
bugzilla.redhat.com/show_bug.cgi?id=1038898
github.com/bleathem/mojarra/commit/ab8b8b934db9686d5eb046043798d054d5f660ba#diff-e455e789d110e5b37206434923760ec9R119
java.net/projects/mojarra/sources/svn/revision/11603
java.net/projects/mojarra/sources/svn/revision/11606
www.exploit-db.com/exploits/38802/