Description
In Apache JSPWiki 2.9.0 to 2.11.0.M2, a specially crafted URL could be used to access files under the ROOT directory of the application, which an attacker could use to obtain registered users' details.
Remediation
References
https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-0225
http://www.openwall.com/lists/oss-security/2019/03/26/2
http://www.securityfocus.com/bid/107627
https://lists.apache.org/thread.html/4f19fdbd8b9c4caf6137a459d723f4ec60379b033ed69277eb4e0af9%40%3Cuser.jspwiki.apache.org%3E
https://lists.apache.org/thread.html/6251c06cb11e0b495066be73856592dbd7ed712487ef283d10972831%40%3Cdev.jspwiki.apache.org%3E
https://lists.apache.org/thread.html/03ddbcb1d6322e04734e65805a147a32bcfdb71b8fc5821fb046ba8d%40%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/e42d6e93384d4a33e939989cd00ea2a06ccf1e7bb1e6bdd3bf5187c1%40%3Ccommits.jspwiki.apache.org%3E
https://lists.apache.org/thread.html/aac253cfc33c0429b528e2fcbe82d3a42d742083c528f58d192dfd16%40%3Ccommits.jspwiki.apache.org%3E
Related Vulnerabilities
CVE-2023-30516 Vulnerability in maven package org.jenkins-ci.plugins:image-tag-parameter
CVE-2022-23223 Vulnerability in maven package org.apache.shenyu:shenyu-common
CVE-2015-5211 Vulnerability in maven package org.springframework:spring-web
CVE-2015-0201 Vulnerability in maven package org.springframework:spring-websocket
CVE-2016-6816 Vulnerability in maven package org.apache.tomcat:coyote