CVE-2019-0225: Path Traversal
First published: Thu Mar 28 2019(Updated: )
A specially crafted url could be used to access files under the ROOT directory of the application on Apache JSPWiki 2.9.0 to 2.11.0.M2, which could be used by an attacker to obtain registered users' details.
Credit: security@apache.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache JSPWiki | >=2.9.0<2.11.0 | |
| Apache JSPWiki | =2.11.0 | |
| Apache JSPWiki | =2.11.0-milestone1-rc1 | |
| Apache JSPWiki | =2.11.0-milestone1-rc2 | |
| Apache JSPWiki | =2.11.0-milestone1-rc3 | |
| Apache JSPWiki | =2.11.0-milestone2 | |
| Apache JSPWiki | =2.11.0-milestone2-rc1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.openwall.com/lists/oss-security/2019/03/26/2
- http://www.securityfocus.com/bid/107627
- https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-0225
- https://lists.apache.org/thread.html/03ddbcb1d6322e04734e65805a147a32bcfdb71b8fc5821fb046ba8d@%3Cannounce.apache.org%3E
- https://lists.apache.org/thread.html/4f19fdbd8b9c4caf6137a459d723f4ec60379b033ed69277eb4e0af9@%3Cuser.jspwiki.apache.org%3E
- https://lists.apache.org/thread.html/6251c06cb11e0b495066be73856592dbd7ed712487ef283d10972831@%3Cdev.jspwiki.apache.org%3E
- https://lists.apache.org/thread.html/aac253cfc33c0429b528e2fcbe82d3a42d742083c528f58d192dfd16@%3Ccommits.jspwiki.apache.org%3E
- https://lists.apache.org/thread.html/e42d6e93384d4a33e939989cd00ea2a06ccf1e7bb1e6bdd3bf5187c1@%3Ccommits.jspwiki.apache.org%3E
- https://lists.apache.org/thread.html/4f19fdbd8b9c4caf6137a459d723f4ec60379b033ed69277eb4e0af9%40%3Cuser.jspwiki.apache.org%3E
- https://lists.apache.org/thread.html/6251c06cb11e0b495066be73856592dbd7ed712487ef283d10972831%40%3Cdev.jspwiki.apache.org%3E
- https://lists.apache.org/thread.html/03ddbcb1d6322e04734e65805a147a32bcfdb71b8fc5821fb046ba8d%40%3Cannounce.apache.org%3E
- https://lists.apache.org/thread.html/e42d6e93384d4a33e939989cd00ea2a06ccf1e7bb1e6bdd3bf5187c1%40%3Ccommits.jspwiki.apache.org%3E
- https://lists.apache.org/thread.html/aac253cfc33c0429b528e2fcbe82d3a42d742083c528f58d192dfd16%40%3Ccommits.jspwiki.apache.org%3E
Frequently Asked Questions
What is CVE-2019-0225?
CVE-2019-0225 is a vulnerability that allows an attacker to access files under the ROOT directory of the application on Apache JSPWiki 2.9.0 to 2.11.0.M2, potentially exposing registered users' details.
What is the severity of CVE-2019-0225?
CVE-2019-0225 has a severity rating of 7.5, which is considered high.
How does CVE-2019-0225 impact Apache JSPWiki?
CVE-2019-0225 allows an attacker to exploit a specially crafted URL to access files under the ROOT directory of the application on Apache JSPWiki 2.9.0 to 2.11.0.M2, potentially exposing users' details.
How can an attacker exploit CVE-2019-0225?
An attacker can exploit CVE-2019-0225 by using a specially crafted URL to access files under the ROOT directory of the Apache JSPWiki application.
How can I protect my Apache JSPWiki application from CVE-2019-0225?
To protect your Apache JSPWiki application from CVE-2019-0225, it is recommended to update to a version higher than 2.11.0.M2.
- collector/nvd-index
- agent/weakness
- agent/type
- agent/event
- agent/references
- agent/severity
- agent/author
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/remedy
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/apache
- canonical/apache jspwiki
- version/apache jspwiki/2.9.0
- version/apache jspwiki/2.11.0
- version/apache jspwiki/2.11.0-milestone1-rc1
- version/apache jspwiki/2.11.0-milestone1-rc2
- version/apache jspwiki/2.11.0-milestone1-rc3
- version/apache jspwiki/2.11.0-milestone2
- version/apache jspwiki/2.11.0-milestone2-rc1