Vulnerability Description
Remote attackers may delete arbitrary files on a system hosting a JSPWiki instance, versions up to 2.11.0.M8, by using a carefully crafted HTTP request on logout, provided that those files are reachable by the user running the JSPWiki instance. Apache JSPWiki users should upgrade to 2.11.0 or later.
CVSS Score
9.1 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Jspwiki | < 2.11.0 |
Related Weaknesses (CWE)
References
- https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2021-44140 (Vendor Advisory)
- https://lists.apache.org/thread/5qglpjdhvobppx7j550lf1sk28f6011t (Mailing List, Vendor Advisory)
FAQ
What is CVE-2021-44140?
CVE-2021-44140 is a vulnerability with a CVSS score of 9.1 (CRITICAL). Remote attackers may delete arbitrary files on a system hosting a JSPWiki instance, versions up to 2.11.0.M8, by using a carefully crafted HTTP request on logout, provided that those files are reachable t...
How severe is CVE-2021-44140?
CVE-2021-44140 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-44140?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Jspwiki.