What is CVE-2019-0225?

CVE-2019-0225 is a vulnerability in Apache Jspwiki. Published 2019-03-28.

Is CVE-2019-0225 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Apache Jspwiki

CVE-2019-0225

A specially crafted url could be used to access files under the ROOT directory of the application on Apache JSPWiki 2.9.0 to 2.11.0.M2, which could be used by an attacker to obtain registered users' details.

EPSS: 0.034 (87.7th percentile) — read the EPSS interpretation.

Affected products

Apache Jspwiki — versions Apache JSPWiki 2.9.0 to 2.11.0.M2

Public proof-of-concept exploits

References

[jspwiki-user] 20190326 [CVE-2019-0225] Apache JSPWiki Local File Inclusion (limited ROOT folder) vulnerability leads to user information disclosure (mailing-list, x_refsource_MLIST)
[jspwiki-dev] 20190326 [CVE-2019-0225] Apache JSPWiki Local File Inclusion (limited ROOT folder) vulnerability leads to user information disclosure (mailing-list, x_refsource_MLIST)
[oss-security] 20190326 [CVE-2019-0225] Apache JSPWiki Local File Inclusion (limited ROOT folder) vulnerability leads to user information disclosure (mailing-list, x_refsource_MLIST)
[announce] 20190326 [CVE-2019-0225] Apache JSPWiki Local File Inclusion (limited ROOT folder) vulnerability leads to user information disclosure (mailing-list, x_refsource_MLIST)
jspwiki-wiki.apache.org/Wiki.jsp (x_refsource_CONFIRM)
107627 (vdb-entry, x_refsource_BID)
[jspwiki-commits] 20190329 [jspwiki-site] branch jbake updated: add CVE-2019-0224 and CVE-2019-0225 vulnerability disclosures (mailing-list, x_refsource_MLIST)
[jspwiki-commits] 20190519 [jspwiki-site] branch jbake updated: added CVE-2019-10076, CVE-2019-10077 and CVE-2019-10078 vulnerability disclosures (mailing-list, x_refsource_MLIST)

Frequently asked questions

What is CVE-2019-0225?: CVE-2019-0225 is a vulnerability in Apache Jspwiki. Published 2019-03-28.
Is CVE-2019-0225 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.