VDB
CVE-2018-14371
CVE-2018-14371
PUBLISHED
The getLocalePrefix function in ResourceManager.java in Eclipse Mojarra before 2.3.7 is affected by Directory Traversal via the loc parameter. A remote attacker can download configuration files or Java bytecodes from applications.
EPSS 1.62% · 82.2th percentile
Risk Scores
EPSS Score
1.62%
82.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:20.04:LTS | mojarra | 2.2.8-6, 0 |
| Ubuntu:18.04:LTS | mojarra | 0, 2.2.8-3, 2.2.8-4 |
| Ubuntu:24.04:LTS | mojarra | 0, 2.2.8-6 |
| Ubuntu:22.04:LTS | mojarra | 2.2.8-6, 0 |
| Ubuntu:16.04:LTS | mojarra | 2.2.8-2, 2.2.8-1, 0 |
| Ubuntu:25.10 | mojarra | 0, 2.2.8-6 |
Timeline
- Jul 18, 2018 CVE Published
- Apr 14, 2021 EPSS Score
- Nov 3, 2022 CVE Updated
- Nov 24, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 17, 2025 EPSS Score
- Mar 18, 2025 EPSS Score
- Mar 30, 2025 EPSS Score
- May 1, 2025 EPSS Score
- May 4, 2025 EPSS Score
- Jun 1, 2025 EPSS Score
- Jun 4, 2025 EPSS Score
References
- https://ubuntu.com/security/CVE-2018-14371 third-party-advisory
- https://github.com/eclipse-ee4j/mojarra/commit/1b434748d9239f42eae8aa7d37d7a0930c061e24 third-party-advisory
- https://github.com/javaserverfaces/mojarra/issues/4364 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2018-14371 third-party-advisory