What is CVE-2011-4367?

CVE-2011-4367 is a vulnerability in Apache Myfaces, classified under Path Traversal. Published 2014-06-19.

Is CVE-2011-4367 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Path Traversal in Apache Myfaces

CVE-2011-4367

Multiple directory traversal vulnerabilities in MyFaces JavaServer Faces (JSF) in Apache MyFaces Core 2.0.x before 2.0.12 and 2.1.x before 2.1.6 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) ln parameter to f…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.859 (99.4th percentile) — read the EPSS interpretation.

Affected products

Apache Myfaces
N/a — versions n/a

Weakness classification (CWE)

CWE-22 — Path Traversal

Public proof-of-concept exploits

References

20120209 [SECURITY] CVE-2011-4367 Apache MyFaces information disclosure vulnerability (mailing-list, Exploit, x_refsource_FULLDISC, Mailing List, Third Party Advisory)
79002 (x_refsource_OSVDB, vdb-entry, Broken Link)
myfaces-in-directory-traversal(73100) (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_XF)
47973 (x_refsource_SECUNIA, Third Party Advisory, third-party-advisory)
51939 (Exploit, Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
[myfaces-announce] 20120209 [SECURITY] CVE-2011-4367 Apache MyFaces information disclosure vulnerability (Vendor Advisory, mailing-list, x_refsource_MLIST, Exploit)

Frequently asked questions

What is CVE-2011-4367?: CVE-2011-4367 is a vulnerability in Apache Myfaces, classified under Path Traversal. Published 2014-06-19.
Is CVE-2011-4367 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.