CVE-2018-14371

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2018-14371
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-14371.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-14371
Aliases
Downstream
Published
2018-07-18T12:29:00Z
Modified
2025-10-14T16:23:39.030001Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

The getLocalePrefix function in ResourceManager.java in Eclipse Mojarra before 2.3.7 is affected by Directory Traversal via the loc parameter. A remote attacker can download configuration files or Java bytecodes from applications.

References

Affected packages

Git / github.com/eclipse-ee4j/mojarra

Affected ranges

Type
GIT
Repo
https://github.com/eclipse-ee4j/mojarra
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
1b434748d9239f42eae8aa7d37d7a0930c061e24

Affected versions

Other

initial-contribution

Database specific 

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 731.0,
                "function_hash": "78985184270963556182314007368417430050"
            },
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://github.com/eclipse-ee4j/mojarra/commit/1b434748d9239f42eae8aa7d37d7a0930c061e24",
            "target": {
                "file": "impl/src/main/java/com/sun/faces/application/resource/ResourceManager.java",
                "function": "getLocalePrefix"
            },
            "id": "CVE-2018-14371-049ce9b2",
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "70322480537739052774084584317398054035",
                    "231251267116386616632618780783746322157",
                    "291069530633298000581908944237761418377",
                    "288578048813723010792164654894819094770"
                ]
            },
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://github.com/eclipse-ee4j/mojarra/commit/1b434748d9239f42eae8aa7d37d7a0930c061e24",
            "target": {
                "file": "impl/src/main/java/com/sun/faces/application/resource/ResourceManager.java"
            },
            "id": "CVE-2018-14371-93e1e03b",
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "308523144820732483400291549987336030538",
                    "279007306830836050829605516263463414455",
                    "204613409217991402601037419095691594240",
                    "123030983730660267491737243797690444936"
                ]
            },
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://github.com/eclipse-ee4j/mojarra/commit/1b434748d9239f42eae8aa7d37d7a0930c061e24",
            "target": {
                "file": "impl/src/main/java/com/sun/faces/application/applicationimpl/InstanceFactory.java"
            },
            "id": "CVE-2018-14371-bfc96243",
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 113.0,
                "function_hash": "35268667866906904737243452786281145631"
            },
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://github.com/eclipse-ee4j/mojarra/commit/1b434748d9239f42eae8aa7d37d7a0930c061e24",
            "target": {
                "file": "impl/src/main/java/com/sun/faces/application/applicationimpl/InstanceFactory.java",
                "function": "createComponent"
            },
            "id": "CVE-2018-14371-eff33215",
            "signature_type": "Function"
        }
    ]
}