CVE-2018-14371

Impact:
Moderate
Public Date:
2018-07-18
CWE:
CWE-22
Bugzilla:
1607709: CVE-2018-14371 mojarra: Path traversal in ResourceManager.java:getLocalePrefix() via the loc parameter

The MITRE CVE dictionary describes this issue as:

The getLocalePrefix function in ResourceManager.java in Eclipse Mojarra before 2.3.7 is affected by Directory Traversal via the loc parameter. A remote attacker can download configuration files or Java bytecodes from applications.

Find out more about CVE-2018-14371 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v3 metrics

NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.

CVSS3 Base Score 5.5
CVSS3 Base Metrics CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Attack Vector Local
Attack Complexity Low
Privileges Required None
User Interaction Required
Scope Unchanged
Confidentiality High
Integrity Impact None
Availability Impact None

Affected Packages State

Platform Package State
Red Hat JBoss Operations Network 3 mojarra Under investigation
Red Hat JBoss Fuse 6 mojarra Under investigation
Red Hat JBoss Enterprise SOA Platform 5 mojarra Under investigation
Red Hat JBoss EAP 6 mojarra Under investigation
Red Hat JBoss Data Virtualization 6 mojarra Under investigation
Red Hat JBoss Data Grid 6 mojarra Under investigation
Red Hat JBoss BRMS 6 mojarra Under investigation
Red Hat JBoss BPMS 6 mojarra Under investigation

This page is generated automatically and has not been checked for errors or omissions.

For clarification or corrections please contact Red Hat Product Security.

Last Modified

CVE description copyright © 2017, The MITRE Corporation

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.