CVE-2019-0225

HIGH

Apache Jspwiki < 2.11.0 - Path Traversal

Title source: rule

Description

A specially crafted url could be used to access files under the ROOT directory of the application on Apache JSPWiki 2.9.0 to 2.11.0.M2, which could be used by an attacker to obtain registered users' details.

Exploits (1)

nomisec WRITEUP

by shoucheng3 · poc

https://github.com/shoucheng3/apache__jspwiki_CVE-2019-0225_2-11-0-M2

View Code ZIP pw:eip

References (8)

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2019/03/26/2

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/107627

[Vendor Advisory] https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-0225

[Mailing List] https://lists.apache.org/thread.html/03ddbcb1d6322e04734e65805a147a32bcfdb71b8fc5821fb046ba8d%40%3Cannounce.apache.org%3E

[Mailing List] https://lists.apache.org/thread.html/4f19fdbd8b9c4caf6137a459d723f4ec60379b033ed69277eb4e0af9%40%3Cuser.jspwiki.apache.org%3E

[Mailing List] https://lists.apache.org/thread.html/6251c06cb11e0b495066be73856592dbd7ed712487ef283d10972831%40%3Cdev.jspwiki.apache.org%3E

[Mailing List] https://lists.apache.org/thread.html/aac253cfc33c0429b528e2fcbe82d3a42d742083c528f58d192dfd16%40%3Ccommits.jspwiki.apache.org%3E

[Mailing List] https://lists.apache.org/thread.html/e42d6e93384d4a33e939989cd00ea2a06ccf1e7bb1e6bdd3bf5187c1%40%3Ccommits.jspwiki.apache.org%3E

Scores

CVSS v3 7.5

EPSS 0.0340

EPSS Percentile 87.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-22

Status published

Products (3)

apache/jspwiki 2.11.0 (6 CPE variants)

apache/jspwiki 2.9.0 - 2.11.0

org.apache.jspwiki/jspwiki-war 2.9.0 - 2.11.0.M3Maven

Published Mar 28, 2019

Tracked Since Feb 18, 2026