CVE-2013-3827

Description

Multiple path traversal flaws where found in Mojarra JSF2 implementation for identifying resources by name or from libraries. An unauthenticated remote attacker can use these flaws to gather otherwise undisclosed information from within an application's root.

How to fix CVE-2013-3827

To remediate CVE-2013-3827, upgrade the affected package to a fixed version below.

• Maven/org.glassfish:javax.faces—upgrade to 2.1.19 or later

Is CVE-2013-3827 being exploited?

Likely — EPSS is 86.8%, placing CVE-2013-3827 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.

Affected packages (1)

• >= 2.0.0, < 2.1.19

References (4)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2013-3827
• WEBrhn.redhat.com/errata/RHSA-2014-0029.html
• WEBbugs.gentoo.org/show_bug.cgi?id=CVE-2013-3827
• WEBwww.kb.cert.org/vuls/id/526012