Description
Payara before 2022-11-04, when deployed to the root context, allows attackers to visit META-INF and WEB-INF, a different vulnerability than CVE-2022-37422. This affects Payara Platform Community before 4.1.2.191.38, 5.x before 5.2022.4, and 6.x before 6.2022.1, and Payara Platform Enterprise before 5.45.0.
Remediation
References
Related Vulnerabilities
Coppermine Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-7186)
WordPress Plugin Arlo training and event management system Cross-Site Scripting (2.1.7.1)
WordPress Plugin Estatik Real Estate Arbitrary File Upload (2.2.5)
Ruby on Rails Missing Encryption of Sensitive Data Vulnerability (CVE-2010-3299)