CVE-2018-14371 — Vulnetix

Try Vulnetix Request Demo

CVE-2018-14371 PUBLISHED

The getLocalePrefix function in ResourceManager.java in Eclipse Mojarra before 2.3.7 is affected by Directory Traversal via the loc parameter. A remote attacker can download configuration files or Java bytecodes from applications.

EPSS 2.48% · 85.1th percentile

Risk Scores

EPSS Score

2.48%

85.1th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:20.04:LTS	mojarra	2.2.8-6, 0
Ubuntu:18.04:LTS	mojarra	0, 2.2.8-3, 2.2.8-4
Ubuntu:24.04:LTS	mojarra	2.2.8-6, 0
Ubuntu:22.04:LTS	mojarra	0, 2.2.8-6
Ubuntu:16.04:LTS	mojarra	0, 2.2.8-1, 2.2.8-2
Ubuntu:25.10	mojarra	0, 2.2.8-6

Timeline

Jul 18, 2018 CVE Published
Apr 14, 2021 EPSS Score
Nov 24, 2022 EPSS Score
Mar 7, 2023 EPSS Score
Dec 26, 2023 CVE Updated
Mar 17, 2025 EPSS Score
Mar 18, 2025 EPSS Score
Mar 29, 2025 EPSS Score
Mar 30, 2025 EPSS Score
May 1, 2025 EPSS Score
Jun 1, 2025 EPSS Score
Jun 4, 2025 EPSS Score

References

https://ubuntu.com/security/CVE-2018-14371 third-party-advisory
https://github.com/eclipse-ee4j/mojarra/commit/1b434748d9239f42eae8aa7d37d7a0930c061e24 third-party-advisory
https://github.com/javaserverfaces/mojarra/issues/4364 third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2018-14371 third-party-advisory

Open in Interactive Console →