Medium severity4.9NVD Advisory· Published Feb 17, 2017· Updated May 13, 2026
CVE-2016-4314
CVE-2016-4314
Description
Directory traversal vulnerability in the LogViewer Admin Service in WSO2 Carbon 4.4.5 allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the logFile parameter to downloadgz-ajaxprocessor.jsp.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.wso2.carbon.commons:org.wso2.carbon.logging.view.uiMaven | <= 4.4.5 | — |
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
11- docs.wso2.com/display/Security/Security+Advisory+WSO2-2016-0098nvdPatchVendor Advisory
- hyp3rlinx.altervista.org/advisories/WSO2-CARBON-v4.4.5-LOCAL-FILE-INCLUSION.txtnvdExploitThird Party AdvisoryWEB
- packetstormsecurity.com/files/138330/WSO2-Carbon-4.4.5-Local-File-Inclusion.htmlnvdExploitThird Party AdvisoryVDB EntryWEB
- www.exploit-db.com/exploits/40240/nvdExploitThird Party AdvisoryVDB Entry
- www.securityfocus.com/bid/92473nvdThird Party AdvisoryVDB Entry
- github.com/advisories/GHSA-mjww-vqqw-v78qghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2016-4314ghsaADVISORY
- github.com/wso2/docs-security/blob/main/en/docs/security-announcements/security-advisories/2016/WSO2-2016-0098.mdghsaWEB
- web.archive.org/web/20201207110545/http://www.securityfocus.com/archive/1/539200/100/0/threadedghsaWEB
- www.exploit-db.com/exploits/40240ghsaWEB
- www.securityfocus.com/archive/1/539200/100/0/threadednvd
News mentions
0No linked articles in our index yet.