CVE-2021-44140

Published: Nov 24, 2021

Modified: Aug 4, 2024

PUBLISHED

Description

Remote attackers may delete arbitrary files in a system hosting a JSPWiki instance, versions up to 2.11.0.M8, by using a carefuly crafted http request on logout, given that those files are reachable to the user running the JSPWiki instance. Apache JSPWiki users should upgrade to 2.11.0 or later.

Vendor	Product	Versions
Apache Software Foundation	Apache JSPWiki	affected `Apache JSPWiki - <= 2.11.0.M8`

References

https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2021-44140

x_refsource_MISC

https://lists.apache.org/thread/5qglpjdhvobppx7j550lf1sk28f6011t

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2021-44140

Description

Affected Products

References