Exploitation Summary
EIP tracks 4 public exploits for CVE-2011-4367. PoCs published by Paul Nicolucci, dawetmaster, andikahilmy.
AI-analyzed exploit summary
This exploit demonstrates a path traversal vulnerability in Apache MyFaces, allowing remote attackers to disclose sensitive files like web.xml by manipulating the 'ln' parameter in resource requests.
Description
Multiple directory traversal vulnerabilities in MyFaces JavaServer Faces (JSF) in Apache MyFaces Core 2.0.x before 2.0.12 and 2.1.x before 2.1.6 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) ln parameter to faces/javax.faces.resource/web.xml or (2) the PATH_INFO to faces/javax.faces.resource/.
Exploits (4)
This exploit demonstrates a path traversal vulnerability in Apache MyFaces, allowing remote attackers to disclose sensitive files like web.xml by manipulating the 'ln' parameter in resource requests.
The repository contains only API source files from the MyFaces project, which are part of the vulnerable codebase but do not include any exploit code or proof-of-concept. The files are legitimate components of the MyFaces framework but do not demonstrate or exploit CVE-2011-4367.
This repository contains source code files from the Apache MyFaces project, specifically focusing on the vulnerable components related to CVE-2011-4367. The files include core classes like FactoryFinder and FacesException, which are part of the JSF (JavaServer Faces) API. The repository appears to be a snapshot of the vulnerable codebase rather than an exploit or scanner.
The repository appears to be a legitimate Apache MyFaces project with no exploit code. It contains TypeScript API definitions and documentation but lacks any proof-of-concept exploit for CVE-2011-4367.