CVE-2019-0225

By Year
2019
CVE-2019-0225

Track security vulnerabilities

A specially crafted url could be used to access files under the ROOT directory of the application on Apache JSPWiki 2.9.0 to 2.11.0.M2, which could be used by an attacker to obtain registered users' details.

Published at

2019-03-28

1025 days ago

Modified

2019-05-19

973 days ago

2019

Year

The year of the turtle

http://www.securityfocus.com/bid/107627

BID:107627

Read More about it More info

https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-0225

CONFIRM:https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-0225

Read More about it More info

https://lists.apache.org/thread.html/03ddbcb1d6322e04734e65805a147a32bcfdb71b8fc5821fb046ba8d@%3Cannounce.apache.org%3E

MLIST:[announce] 20190326 [CVE-2019-0225] Apache JSPWiki Local File Inclusion (limited ROOT folder) vulnerability leads to user information disclosure

Read More about it More info

https://lists.apache.org/thread.html/e42d6e93384d4a33e939989cd00ea2a06ccf1e7bb1e6bdd3bf5187c1@%3Ccommits.jspwiki.apache.org%3E

MLIST:[jspwiki-commits] 20190329 [jspwiki-site] branch jbake updated: add CVE-2019-0224 and CVE-2019-0225 vulnerability disclosures

Read More about it More info

https://lists.apache.org/thread.html/aac253cfc33c0429b528e2fcbe82d3a42d742083c528f58d192dfd16@%3Ccommits.jspwiki.apache.org%3E

MLIST:[jspwiki-commits] 20190519 [jspwiki-site] branch jbake updated: added CVE-2019-10076, CVE-2019-10077 and CVE-2019-10078 vulnerability disclosures

Read More about it More info

https://lists.apache.org/thread.html/6251c06cb11e0b495066be73856592dbd7ed712487ef283d10972831@%3Cdev.jspwiki.apache.org%3E

MLIST:[jspwiki-dev] 20190326 [CVE-2019-0225] Apache JSPWiki Local File Inclusion (limited ROOT folder) vulnerability leads to user information disclosure

Read More about it More info

https://lists.apache.org/thread.html/4f19fdbd8b9c4caf6137a459d723f4ec60379b033ed69277eb4e0af9@%3Cuser.jspwiki.apache.org%3E

MLIST:[jspwiki-user] 20190326 [CVE-2019-0225] Apache JSPWiki Local File Inclusion (limited ROOT folder) vulnerability leads to user information disclosure

Read More about it More info

http://www.openwall.com/lists/oss-security/2019/03/26/2

MLIST:[oss-security] 20190326 [CVE-2019-0225] Apache JSPWiki Local File Inclusion (limited ROOT folder) vulnerability leads to user information disclosure

Read More about it More info

Vulnerability RAW

{
	"Title": {
		"_text": "CVE-2019-0225"
	},
	"Notes": {
		"Note": [
			{
				"_text": "A specially crafted url could be used to access files under the ROOT directory of the application on Apache JSPWiki 2.9.0 to 2.11.0.M2, which could be used by an attacker to obtain registered users' details."
			},
			{
				"_text": "2019-03-28"
			},
			{
				"_text": "2019-05-19"
			}
		]
	},
	"CVE": {
		"_text": "CVE-2019-0225"
	},
	"References": {
		"Reference": [
			{
				"URL": {
					"_text": "http://www.securityfocus.com/bid/107627"
				},
				"Description": {
					"_text": "BID:107627"
				}
			},
			{
				"URL": {
					"_text": "https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-0225"
				},
				"Description": {
					"_text": "CONFIRM:https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-0225"
				}
			},
			{
				"URL": {
					"_text": "https://lists.apache.org/thread.html/03ddbcb1d6322e04734e65805a147a32bcfdb71b8fc5821fb046ba8d@%3Cannounce.apache.org%3E"
				},
				"Description": {
					"_text": "MLIST:[announce] 20190326 [CVE-2019-0225] Apache JSPWiki Local File Inclusion (limited ROOT folder) vulnerability leads to user information disclosure"
				}
			},
			{
				"URL": {
					"_text": "https://lists.apache.org/thread.html/e42d6e93384d4a33e939989cd00ea2a06ccf1e7bb1e6bdd3bf5187c1@%3Ccommits.jspwiki.apache.org%3E"
				},
				"Description": {
					"_text": "MLIST:[jspwiki-commits] 20190329 [jspwiki-site] branch jbake updated: add CVE-2019-0224 and CVE-2019-0225 vulnerability disclosures"
				}
			},
			{
				"URL": {
					"_text": "https://lists.apache.org/thread.html/aac253cfc33c0429b528e2fcbe82d3a42d742083c528f58d192dfd16@%3Ccommits.jspwiki.apache.org%3E"
				},
				"Description": {
					"_text": "MLIST:[jspwiki-commits] 20190519 [jspwiki-site] branch jbake updated: added CVE-2019-10076, CVE-2019-10077 and CVE-2019-10078 vulnerability disclosures"
				}
			},
			{
				"URL": {
					"_text": "https://lists.apache.org/thread.html/6251c06cb11e0b495066be73856592dbd7ed712487ef283d10972831@%3Cdev.jspwiki.apache.org%3E"
				},
				"Description": {
					"_text": "MLIST:[jspwiki-dev] 20190326 [CVE-2019-0225] Apache JSPWiki Local File Inclusion (limited ROOT folder) vulnerability leads to user information disclosure"
				}
			},
			{
				"URL": {
					"_text": "https://lists.apache.org/thread.html/4f19fdbd8b9c4caf6137a459d723f4ec60379b033ed69277eb4e0af9@%3Cuser.jspwiki.apache.org%3E"
				},
				"Description": {
					"_text": "MLIST:[jspwiki-user] 20190326 [CVE-2019-0225] Apache JSPWiki Local File Inclusion (limited ROOT folder) vulnerability leads to user information disclosure"
				}
			},
			{
				"URL": {
					"_text": "http://www.openwall.com/lists/oss-security/2019/03/26/2"
				},
				"Description": {
					"_text": "MLIST:[oss-security] 20190326 [CVE-2019-0225] Apache JSPWiki Local File Inclusion (limited ROOT folder) vulnerability leads to user information disclosure"
				}
			}
		]
	}
}