Apache.Cocoon.Directory.Traversal

description-logoDescription

It indicates an attacker attempted a Directory Traversal attack against Apache Cocoon. Apache Cocoon is vulnerable to a directory traversal attack that may allow an attacker to list directories outside the server root by using /./../ character sequences. The issue is caused because there is insufficient sanitization of user-supplied input to the filename parameter to the view-source script.

affected-products-logoAffected Products

Apache Software Foundation Cocoon 2.2 Apache Software Foundation Cocoon 2.1

Impact logoImpact

Information Leakage

recomended-action-logoRecommended Actions

Apply appropriate patch from the vendor or Upgrade to non-vulnerable version if available.

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2020-12-11 16.978