Package: jspwiki Severity: grave Tags: security Justification: user security hole
A vulnerability has been found in jspwiki: Directory traversal vulnerability in Edit.jsp in JSPWiki 2.4.104 and 2.5.139 allows remote attackers to include and execute arbitrary local .jsp files, and obtain sensitive information, via a .. (dot dot) in the editor parameter. See http://marc.info/?l=bugtraq&m=120300554011544&w=2 for mor info. Please mention the CVE id in the changelog. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
