This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.
A Java application hosted on the remote web server is affected by
multiple partial directory traversal vulnerabilities.
The remote web server contains a JavaServer Faces application that is
affected by multiple partial directory traversal vulnerabilities :
- A defect exists in the handling of a resource identifier
that allows for directory traversal within the
- A defect exists in the handling of a library name that
allows for directory traversal within the application.
Note that the application may also be affected by a ViewState HMAC
non-constant verification weakness
however, Nessus has not tested for
Note that this plugin will only report the first vulnerable
See also :
Install the patch per the instructions in the vendor's advisory.
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.3
Public Exploit Available : true
Family: CGI abuses
Nessus Plugin ID: 70963 ()
Bugtraq ID: 63052
CVE ID: CVE-2013-3827
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.