Vulnerability Details
Eclipse Mojarra Path Traversal Vulnerability
Vulnerability Summary
Eclipse Mojarra is the Eclipse Foundation's implementation of the JavaServer Faces specification (JSR-372). It is used to build component-based user interfaces for web applications.
In Eclipse Mojarra before 2.3.7, the 'getLocalePrefix' function in ResourceManager.java trusts the 'loc' request parameter when it builds the locale prefix of a resource path, so directory-traversal sequences in that parameter are not rejected. A remote attacker can exploit this through the 'loc' parameter to download configuration files or Java bytecode from the application.
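The following stand-alone Java program is an added illustration of the bug class, not Mojarra's own code: it reduces the resource lookup to the one decision that matters, whether the client-supplied 'loc' value is trusted when it is prepended to a resource path, and places a hardened variant beside the vulnerable one. The resource root '/resources', the locale-prefix pattern, the method names and the sample request parameters are all assumptions made for the demonstration.

```java
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Map;
import java.util.regex.Pattern;

/**
 * Simplified illustration of the CVE-2018-14371 bug class (NOT Mojarra's code).
 * A JSF-style resource path is assembled as <root>/<localePrefix>/<resourceName>,
 * where localePrefix comes straight from the "loc" request parameter.
 */
public class LocalePrefixTraversal {

    /** Assumed resource root for the demo; JSF serves resources from under /resources. */
    static final String RESOURCE_ROOT = "/resources";

    /** Assumed shape of a real locale prefix: "en", "de_DE", "zh_Hans_CN" and similar. */
    static final Pattern LOCALE_PREFIX = Pattern.compile("^[A-Za-z]{2,8}(_[A-Za-z0-9]{1,8})*$");

    /** Vulnerable form: whatever the client sent in ?loc= becomes a path segment. */
    static String resolveVulnerable(Map<String, String> requestParams, String resourceName) {
        String localePrefix = requestParams.get("loc");
        if (localePrefix == null) {
            return RESOURCE_ROOT + "/" + resourceName;
        }
        return RESOURCE_ROOT + "/" + localePrefix + "/" + resourceName;
    }

    /** Hardened form: a prefix that is not locale-shaped is ignored instead of used. */
    static String resolveHardened(Map<String, String> requestParams, String resourceName) {
        String localePrefix = requestParams.get("loc");
        if (localePrefix == null || !LOCALE_PREFIX.matcher(localePrefix).matches()) {
            return RESOURCE_ROOT + "/" + resourceName;
        }
        return RESOURCE_ROOT + "/" + localePrefix + "/" + resourceName;
    }

    /** Demo check: after ".." segments are normalised, is the path still under the root? */
    static boolean escapesRoot(String resolvedPath) {
        Path root = Paths.get(RESOURCE_ROOT);
        Path normalised = Paths.get(resolvedPath).normalize();
        return !normalised.startsWith(root);
    }

    public static void main(String[] args) {
        // Constructed request parameters for the demo. The resource name itself
        // contains no "..", so a check on the name alone would not catch this;
        // the traversal lives entirely in the "loc" value.
        Map<String, String> benign = Map.of("loc", "de_DE");
        Map<String, String> hostile = Map.of("loc", "../WEB-INF");
        String name = "faces-config.xml";

        String okPath = resolveVulnerable(benign, name);       // /resources/de_DE/faces-config.xml
        String escaped = resolveVulnerable(hostile, name);     // /resources/../WEB-INF/faces-config.xml
        String hardened = resolveHardened(hostile, name);      // /resources/faces-config.xml

        System.out.println(okPath + "  escapes root: " + escapesRoot(okPath));     // false
        System.out.println(escaped + "  escapes root: " + escapesRoot(escaped));   // true
        System.out.println(hardened + "  escapes root: " + escapesRoot(hardened)); // false
    }
}
```

The point of the hardened variant is that the locale prefix is validated against what a locale prefix can legitimately look like, rather than by searching for '..' alone; a positive pattern also rejects absolute paths, URL-encoded separators that a later layer might decode, and anything else that is not a locale. When auditing a deployment, check the Mojarra version in the application's WEB-INF/lib and, if it is below 2.3.7, apply the vendor patch linked below rather than relying on a front-end filter.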
Vulnerability Advisory
The vendor has released a fix for this vulnerability. The patch is available at:
https://github.com/eclipse-ee4j/mojarra/commit/1b434748d9239f42eae8aa7d37d7a0930c061e24
References
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2020.1662/
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2020.2050/
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/157643/Red-Hat-Security-Advisory-2020-2063-01.html
Source: vigilance.fr
Link: https://vigilance.fr/vulnerability/mojarra-directory-traversal-32259
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/158048/Red-Hat-Security-Advisory-2020-2512-01.html
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2020.2042/
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2020.2992/
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/159015/Red-Hat-Security-Advisory-2020-3585-01.html
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2020.2536/
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.2731
Source: vigilance.fr
Link: https://vigilance.fr/vulnerability/Red-Hat-JBoss-Enterprise-Application-Platform-two-vulnerabilities-32232
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/157665/Red-Hat-Security-Advisory-2020-2113-01.html
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2020.3065/
Affected Entities
- Eclipse Mojarra 2.3.6
- Eclipse Mojarra 2.3.5
- Eclipse Mojarra 2.3.3.99
- Eclipse Mojarra 2.3.4
- Eclipse Mojarra 2.3.3
Patches
- Fix for the Eclipse Mojarra security vulnerability (2018-07-19)