CVE-2019-0225

HIGH

Apache JSPWiki 2.9.0-2.11.0.M2 - Path Traversal via Specially Crafted URL

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-0225. PoCs published by shoucheng3.

AI-analyzed exploit summary This repository contains documentation and test files for Apache JSPWiki, specifically related to CVE-2019-0225. The provided files include README documentation and integration test code for JSPWiki, but no actual exploit code or proof-of-concept for the vulnerability.

Description

A specially crafted url could be used to access files under the ROOT directory of the application on Apache JSPWiki 2.9.0 to 2.11.0.M2, which could be used by an attacker to obtain registered users' details.

Exploits (1)

nomisec WRITEUP
by shoucheng3 · poc
https://github.com/shoucheng3/apache__jspwiki_CVE-2019-0225_2-11-0-M2

This repository contains documentation and test files for Apache JSPWiki, specifically related to CVE-2019-0225. The provided files include README documentation and integration test code for JSPWiki, but no actual exploit code or proof-of-concept for the vulnerability.

Classification
Writeup 90%
Attack Type
Other
Complexity
Trivial
Reliability
Theoretical
Target: Apache JSPWiki 2.11.0.M2
No auth needed
Prerequisites: None
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (8)

Core 8
Core References
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2019/03/26/2
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/107627

Scores

CVSS v3 7.5
EPSS 0.0340
EPSS Percentile 87.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-22
Status published
Products (3)
apache/jspwiki 2.11.0 (6 CPE variants)
apache/jspwiki 2.9.0 - 2.11.0
org.apache.jspwiki/jspwiki-war 2.9.0 - 2.11.0.M3Maven
Published Mar 28, 2019
Tracked Since Feb 18, 2026