Apache : Security Vulnerabilities, CVEs, Published In 2014 (Directory traversal)
Directory traversal vulnerability in the partition2 function in mochiweb_util.erl in MochiWeb before 2.4.0, as used in Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1, allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the default URI.
Max CVSS
5.0
EPSS Score
2.04%
Published
2014-03-18
Updated
2017-08-29
Multiple directory traversal vulnerabilities in MyFaces JavaServer Faces (JSF) in Apache MyFaces Core 2.0.x before 2.0.12 and 2.1.x before 2.1.6 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) ln parameter to faces/javax.faces.resource/web.xml or (2) the PATH_INFO to faces/javax.faces.resource/.
Max CVSS
5.0
EPSS Score
93.40%
Published
2014-06-19
Updated
2020-08-04
2 vulnerabilities found