CVE-2020-6950

MEDIUM NUCLEI

Eclipse Mojarra < 2.3.14 - Path Traversal

Title source: rule

Description

Directory traversal in Eclipse Mojarra before 2.3.14 allows attackers to read arbitrary files via the loc parameter or con parameter.

Nuclei Templates (1)

Eclipse Mojarra - Local File Read
MEDIUMVERIFIEDby iamnoooob,pdresearch
Shodan: html:"javax.faces.resource" || http.html:"javax.faces.viewstate" || http.html:"javax.faces.resource"
FOFA: body="javax.faces.ViewState" || body="javax.faces.viewstate" || body="javax.faces.resource"

References (6)

Scores

CVSS v3 6.5
EPSS 0.5166
EPSS Percentile 97.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Details

CWE
CWE-22
Status published
Products (14)
eclipse/mojarra < 2.3.14
oracle/banking_enterprise_default_management 2.10.0
oracle/banking_enterprise_default_management 2.12.0
oracle/banking_platform 2.6.2
oracle/banking_platform 2.7.1
oracle/banking_platform 2.9.0
oracle/banking_platform 2.12.0
oracle/communications_network_integrity 7.3.6
oracle/communications_pricing_design_center 12.0.0.3.0
oracle/hyperion_calculation_manager < 11.2.8.0
... and 4 more
Published Jun 02, 2021
Tracked Since Feb 18, 2026