Apache.MyFaces.Javax.Faces.Resource.File.Disclosure
Description
This indicates an attack attempt against a File Disclosure vulnerability in Apache MyFaces.
This issue is caused by lack of checking the "IN" parameter passed to "/faces/javax.faces.resource". It may allow remote attackers to browse arbitrary file by sending a crafted GET request.
Affected Products
Apache MyFaces 2.0.1 through 2.0.11
Apache MyFaces 2.1.0 through 2.1.5
Impact
Information Disclosure.
Recommended Actions
Upgrade to latest version,available from the web site.
http://myfaces.apache.org/
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |