CVE-2018-14371

Source
https://nvd.nist.gov/vuln/detail/CVE-2018-14371
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-14371.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-14371
Aliases
Downstream
Published
2018-07-18T12:29:00Z
Modified
2025-10-21T04:30:36.716306Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
[none]
Details

The getLocalePrefix function in ResourceManager.java in Eclipse Mojarra before 2.3.7 is affected by Directory Traversal via the loc parameter. A remote attacker can download configuration files or Java bytecodes from applications.

References

Affected packages

Git / github.com/eclipse-ee4j/mojarra

Affected ranges

Type
GIT
Repo
https://github.com/eclipse-ee4j/mojarra
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

Other

initial-contribution

Database specific

vanir_signatures

[
    {
        "signature_type": "Function",
        "digest": {
            "function_hash": "78985184270963556182314007368417430050",
            "length": 731.0
        },
        "target": {
            "file": "impl/src/main/java/com/sun/faces/application/resource/ResourceManager.java",
            "function": "getLocalePrefix"
        },
        "source": "https://github.com/eclipse-ee4j/mojarra/commit/1b434748d9239f42eae8aa7d37d7a0930c061e24",
        "id": "CVE-2018-14371-049ce9b2",
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "70322480537739052774084584317398054035",
                "231251267116386616632618780783746322157",
                "291069530633298000581908944237761418377",
                "288578048813723010792164654894819094770"
            ]
        },
        "target": {
            "file": "impl/src/main/java/com/sun/faces/application/resource/ResourceManager.java"
        },
        "source": "https://github.com/eclipse-ee4j/mojarra/commit/1b434748d9239f42eae8aa7d37d7a0930c061e24",
        "id": "CVE-2018-14371-93e1e03b",
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "308523144820732483400291549987336030538",
                "279007306830836050829605516263463414455",
                "204613409217991402601037419095691594240",
                "123030983730660267491737243797690444936"
            ]
        },
        "target": {
            "file": "impl/src/main/java/com/sun/faces/application/applicationimpl/InstanceFactory.java"
        },
        "source": "https://github.com/eclipse-ee4j/mojarra/commit/1b434748d9239f42eae8aa7d37d7a0930c061e24",
        "id": "CVE-2018-14371-bfc96243",
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "signature_type": "Function",
        "digest": {
            "function_hash": "35268667866906904737243452786281145631",
            "length": 113.0
        },
        "target": {
            "file": "impl/src/main/java/com/sun/faces/application/applicationimpl/InstanceFactory.java",
            "function": "createComponent"
        },
        "source": "https://github.com/eclipse-ee4j/mojarra/commit/1b434748d9239f42eae8aa7d37d7a0930c061e24",
        "id": "CVE-2018-14371-eff33215",
        "deprecated": false,
        "signature_version": "v1"
    }
]