Vulnerabilites related to apache - myfaces
CVE-2011-4343 (GCVE-0-2011-4343)
Vulnerability from cvelistv5
Published
2017-08-08 21:00
Modified
2024-08-07 00:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Information disclosure vulnerability in Apache MyFaces Core 2.0.1 through 2.0.10 and 2.1.0 through 2.1.4 allows remote attackers to inject EL expressions via crafted parameters.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:01:51.589Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[Full-disclosure] 20111205 Apache MyFaces information",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=132313252814362"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.apache.org/jira/secure/attachment/12504807/MYFACES-3405-1.patch"
},
{
"name": "1039695",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039695"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-12-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Information disclosure vulnerability in Apache MyFaces Core 2.0.1 through 2.0.10 and 2.1.0 through 2.1.4 allows remote attackers to inject EL expressions via crafted parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-01T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[Full-disclosure] 20111205 Apache MyFaces information",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=132313252814362"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.apache.org/jira/secure/attachment/12504807/MYFACES-3405-1.patch"
},
{
"name": "1039695",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039695"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-4343",
"datePublished": "2017-08-08T21:00:00",
"dateReserved": "2011-11-04T00:00:00",
"dateUpdated": "2024-08-07T00:01:51.589Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4367 (GCVE-0-2011-4367)
Vulnerability from cvelistv5
Published
2014-06-19 14:00
Modified
2024-08-07 00:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple directory traversal vulnerabilities in MyFaces JavaServer Faces (JSF) in Apache MyFaces Core 2.0.x before 2.0.12 and 2.1.x before 2.1.6 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) ln parameter to faces/javax.faces.resource/web.xml or (2) the PATH_INFO to faces/javax.faces.resource/.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:09:18.301Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20120209 [SECURITY] CVE-2011-4367 Apache MyFaces information disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2012/Feb/150"
},
{
"name": "79002",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/show/osvdb/79002"
},
{
"name": "myfaces-in-directory-traversal(73100)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73100"
},
{
"name": "47973",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47973"
},
{
"name": "51939",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/51939"
},
{
"name": "[myfaces-announce] 20120209 [SECURITY] CVE-2011-4367 Apache MyFaces information disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://mail-archives.apache.org/mod_mbox/myfaces-announce/201202.mbox/%3C4F33ED1F.4070007%40apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-02-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple directory traversal vulnerabilities in MyFaces JavaServer Faces (JSF) in Apache MyFaces Core 2.0.x before 2.0.12 and 2.1.x before 2.1.6 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) ln parameter to faces/javax.faces.resource/web.xml or (2) the PATH_INFO to faces/javax.faces.resource/."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "20120209 [SECURITY] CVE-2011-4367 Apache MyFaces information disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2012/Feb/150"
},
{
"name": "79002",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/show/osvdb/79002"
},
{
"name": "myfaces-in-directory-traversal(73100)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73100"
},
{
"name": "47973",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47973"
},
{
"name": "51939",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/51939"
},
{
"name": "[myfaces-announce] 20120209 [SECURITY] CVE-2011-4367 Apache MyFaces information disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://mail-archives.apache.org/mod_mbox/myfaces-announce/201202.mbox/%3C4F33ED1F.4070007%40apache.org%3E"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-4367",
"datePublished": "2014-06-19T14:00:00",
"dateReserved": "2011-11-04T00:00:00",
"dateUpdated": "2024-08-07T00:09:18.301Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-2057 (GCVE-0-2010-2057)
Vulnerability from cvelistv5
Published
2010-10-20 17:00
Modified
2024-08-07 02:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:17:14.378Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=623799"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.apache.org/jira/browse/MYFACES-2749"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.apache.org/viewvc/myfaces/shared/trunk/core/src/main/java/org/apache/myfaces/shared/util/StateUtils.java?r1=943327\u0026r2=951801"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-10-20T17:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=623799"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.apache.org/jira/browse/MYFACES-2749"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.apache.org/viewvc/myfaces/shared/trunk/core/src/main/java/org/apache/myfaces/shared/util/StateUtils.java?r1=943327\u0026r2=951801"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-2057",
"datePublished": "2010-10-20T17:00:00Z",
"dateReserved": "2010-05-25T00:00:00Z",
"dateUpdated": "2024-08-07T02:17:14.378Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26296 (GCVE-0-2021-26296)
Vulnerability from cvelistv5
Published
2021-02-19 08:30
Modified
2025-02-13 16:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Summary
In the default configuration, Apache MyFaces Core versions 2.2.0 to 2.2.13, 2.3.0 to 2.3.7, 2.3-next-M1 to 2.3-next-M4, and 3.0.0-RC1 use cryptographically weak implicit and explicit cross-site request forgery (CSRF) tokens. Due to that limitation, it is possible (although difficult) for an attacker to calculate a future CSRF token value and to use that value to trick a user into executing unwanted actions on an application.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache MyFaces Core |
Version: Apache MyFaces Core 2.2 < 2.2.14 Version: Apache MyFaces Core 2.3 < 2.3.8 Version: Apache MyFaces Core 2.3-next < 2.3-next-M5 Version: Apache MyFaces Core 3.0 < 3.0.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:19:20.159Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r2b73e2356c6155e9ec78fdd8f72a4fac12f3e588014f5f535106ed9b%40%3Cannounce.apache.org%3E"
},
{
"name": "20210219 [CSA-2021-001] Cross-Site Request Forgery in Apache MyFaces",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Feb/66"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/161484/Apache-MyFaces-2.x-Cross-Site-Request-Forgery.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210528-0007/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache MyFaces Core",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "2.2.14",
"status": "affected",
"version": "Apache MyFaces Core 2.2",
"versionType": "custom"
},
{
"lessThan": "2.3.8",
"status": "affected",
"version": "Apache MyFaces Core 2.3",
"versionType": "custom"
},
{
"lessThan": "2.3-next-M5",
"status": "affected",
"version": "Apache MyFaces Core 2.3-next",
"versionType": "custom"
},
{
"lessThan": "3.0.0",
"status": "affected",
"version": "Apache MyFaces Core 3.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Apache MyFaces would like to thank Wolfgang Ettlinger (Certitude Consulting GmbH)"
}
],
"descriptions": [
{
"lang": "en",
"value": "In the default configuration, Apache MyFaces Core versions 2.2.0 to 2.2.13, 2.3.0 to 2.3.7, 2.3-next-M1 to 2.3-next-M4, and 3.0.0-RC1 use cryptographically weak implicit and explicit cross-site request forgery (CSRF) tokens. Due to that limitation, it is possible (although difficult) for an attacker to calculate a future CSRF token value and to use that value to trick a user into executing unwanted actions on an application."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-03T20:20:55.000Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/r2b73e2356c6155e9ec78fdd8f72a4fac12f3e588014f5f535106ed9b%40%3Cannounce.apache.org%3E"
},
{
"name": "20210219 [CSA-2021-001] Cross-Site Request Forgery in Apache MyFaces",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/Feb/66"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/161484/Apache-MyFaces-2.x-Cross-Site-Request-Forgery.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210528-0007/"
}
],
"source": {
"defect": [
"MYFACES-4373"
],
"discovery": "UNKNOWN"
},
"title": "Cross-Site Request Forgery (CSRF) vulnerability in Apache MyFaces",
"workarounds": [
{
"lang": "en",
"value": "Existing web.xml configuration parameters can be used to direct MyFaces to use SecureRandom for CSRF token generation:\n\norg.apache.myfaces.RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN=secureRandom\norg.apache.myfaces.RANDOM_KEY_IN_CSRF_SESSION_TOKEN=secureRandom\norg.apache.myfaces.RANDOM_KEY_IN_WEBSOCKET_SESSION_TOKEN=secureRandom"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2021-26296",
"STATE": "PUBLIC",
"TITLE": "Cross-Site Request Forgery (CSRF) vulnerability in Apache MyFaces"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache MyFaces Core",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "Apache MyFaces Core 2.2",
"version_value": "2.2.14"
},
{
"version_affected": "\u003c",
"version_name": "Apache MyFaces Core 2.3",
"version_value": "2.3.8"
},
{
"version_affected": "\u003c",
"version_name": "Apache MyFaces Core 2.3-next",
"version_value": "2.3-next-M5"
},
{
"version_affected": "\u003c",
"version_name": "Apache MyFaces Core 3.0",
"version_value": "3.0.0"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Apache MyFaces would like to thank Wolfgang Ettlinger (Certitude Consulting GmbH)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the default configuration, Apache MyFaces Core versions 2.2.0 to 2.2.13, 2.3.0 to 2.3.7, 2.3-next-M1 to 2.3-next-M4, and 3.0.0-RC1 use cryptographically weak implicit and explicit cross-site request forgery (CSRF) tokens. Due to that limitation, it is possible (although difficult) for an attacker to calculate a future CSRF token value and to use that value to trick a user into executing unwanted actions on an application."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.apache.org/thread.html/r2b73e2356c6155e9ec78fdd8f72a4fac12f3e588014f5f535106ed9b%40%3Cannounce.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/r2b73e2356c6155e9ec78fdd8f72a4fac12f3e588014f5f535106ed9b%40%3Cannounce.apache.org%3E"
},
{
"name": "20210219 [CSA-2021-001] Cross-Site Request Forgery in Apache MyFaces",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/Feb/66"
},
{
"name": "http://packetstormsecurity.com/files/161484/Apache-MyFaces-2.x-Cross-Site-Request-Forgery.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/161484/Apache-MyFaces-2.x-Cross-Site-Request-Forgery.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210528-0007/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210528-0007/"
}
]
},
"source": {
"defect": [
"MYFACES-4373"
],
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "en",
"value": "Existing web.xml configuration parameters can be used to direct MyFaces to use SecureRandom for CSRF token generation:\n\norg.apache.myfaces.RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN=secureRandom\norg.apache.myfaces.RANDOM_KEY_IN_CSRF_SESSION_TOKEN=secureRandom\norg.apache.myfaces.RANDOM_KEY_IN_WEBSOCKET_SESSION_TOKEN=secureRandom"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2021-26296",
"datePublished": "2021-02-19T08:30:14.000Z",
"dateReserved": "2021-01-28T00:00:00.000Z",
"dateUpdated": "2025-02-13T16:27:52.470Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-2086 (GCVE-0-2010-2086)
Vulnerability from cvelistv5
Published
2010-05-27 18:32
Modified
2024-09-17 02:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:17:14.566Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2010-001.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.blackhat.com/presentations/bh-dc-10/Byrne_David/BlackHat-DC-2010-Byrne-SGUI-slides.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-05-27T18:32:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2010-001.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.blackhat.com/presentations/bh-dc-10/Byrne_David/BlackHat-DC-2010-Byrne-SGUI-slides.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2086",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.trustwave.com/spiderlabs/advisories/TWSL2010-001.txt",
"refsource": "MISC",
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2010-001.txt"
},
{
"name": "http://www.blackhat.com/presentations/bh-dc-10/Byrne_David/BlackHat-DC-2010-Byrne-SGUI-slides.pdf",
"refsource": "MISC",
"url": "http://www.blackhat.com/presentations/bh-dc-10/Byrne_David/BlackHat-DC-2010-Byrne-SGUI-slides.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-2086",
"datePublished": "2010-05-27T18:32:00Z",
"dateReserved": "2010-05-27T00:00:00Z",
"dateUpdated": "2024-09-17T02:36:44.662Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2021-02-19 09:15
Modified
2024-11-21 05:56
Severity ?
Summary
In the default configuration, Apache MyFaces Core versions 2.2.0 to 2.2.13, 2.3.0 to 2.3.7, 2.3-next-M1 to 2.3-next-M4, and 3.0.0-RC1 use cryptographically weak implicit and explicit cross-site request forgery (CSRF) tokens. Due to that limitation, it is possible (although difficult) for an attacker to calculate a future CSRF token value and to use that value to trick a user into executing unwanted actions on an application.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:myfaces:*:*:*:*:*:*:*:*",
"matchCriteriaId": "43C2311F-12BF-4C37-8FF2-B5F555888D92",
"versionEndIncluding": "2.2.13",
"versionStartIncluding": "2.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:myfaces:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ACA9DF3E-01A7-49C4-9E63-1CA07DA1A2C2",
"versionEndIncluding": "2.3.7",
"versionStartIncluding": "2.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:myfaces:2.3:next-m1:*:*:*:*:*:*",
"matchCriteriaId": "EF54DDD0-74AA-494B-9F69-C1BA5A208B1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:myfaces:2.3:next-m2:*:*:*:*:*:*",
"matchCriteriaId": "6DBA33A5-97A2-45D4-AAAC-AD6A05888656",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:myfaces:2.3:next-m3:*:*:*:*:*:*",
"matchCriteriaId": "CBE81BF3-66DB-4BD7-A767-547A727CF9B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:myfaces:2.3:next-m4:*:*:*:*:*:*",
"matchCriteriaId": "3A377CFB-B073-4B74-9CE9-0D09A08FCFCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:myfaces:3.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7CD2AAA3-C1C0-43B2-BD90-742B0B85CD65",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the default configuration, Apache MyFaces Core versions 2.2.0 to 2.2.13, 2.3.0 to 2.3.7, 2.3-next-M1 to 2.3-next-M4, and 3.0.0-RC1 use cryptographically weak implicit and explicit cross-site request forgery (CSRF) tokens. Due to that limitation, it is possible (although difficult) for an attacker to calculate a future CSRF token value and to use that value to trick a user into executing unwanted actions on an application."
},
{
"lang": "es",
"value": "En la configuraci\u00f3n predeterminada, Apache MyFaces Core versiones 2.2.0 hasta 2.2.13, versiones 2.3.0 hasta 2.3.7, versiones 2.3-next-M1 hasta 2.3-next-M4 y 3.0.0-RC1, usan tokens de tipo cross-site request forgery (CSRF) impl\u00edcitos y expl\u00edcitos criptogr\u00e1ficamente d\u00e9biles.\u0026#xa0;Debido a esa limitaci\u00f3n, es posible (aunque dif\u00edcil) para un atacante calcular un valor futuro de token CSRF y usar ese valor para enga\u00f1ar al usuario a ejecutar acciones no deseadas en una aplicaci\u00f3n"
}
],
"id": "CVE-2021-26296",
"lastModified": "2024-11-21T05:56:02.610",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-19T09:15:13.283",
"references": [
{
"source": "security@apache.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/161484/Apache-MyFaces-2.x-Cross-Site-Request-Forgery.html"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/Feb/66"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r2b73e2356c6155e9ec78fdd8f72a4fac12f3e588014f5f535106ed9b%40%3Cannounce.apache.org%3E"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210528-0007/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/161484/Apache-MyFaces-2.x-Cross-Site-Request-Forgery.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/Feb/66"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r2b73e2356c6155e9ec78fdd8f72a4fac12f3e588014f5f535106ed9b%40%3Cannounce.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210528-0007/"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "security@apache.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-06-19 14:55
Modified
2025-04-12 10:46
Severity ?
Summary
Multiple directory traversal vulnerabilities in MyFaces JavaServer Faces (JSF) in Apache MyFaces Core 2.0.x before 2.0.12 and 2.1.x before 2.1.6 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) ln parameter to faces/javax.faces.resource/web.xml or (2) the PATH_INFO to faces/javax.faces.resource/.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:myfaces:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2580B43F-97E4-4A6A-904E-7A758298B59E",
"versionEndIncluding": "2.0.11",
"versionStartIncluding": "2.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:myfaces:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9936B7DE-3815-4096-B30E-49267A331699",
"versionEndIncluding": "2.1.5",
"versionStartIncluding": "2.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple directory traversal vulnerabilities in MyFaces JavaServer Faces (JSF) in Apache MyFaces Core 2.0.x before 2.0.12 and 2.1.x before 2.1.6 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) ln parameter to faces/javax.faces.resource/web.xml or (2) the PATH_INFO to faces/javax.faces.resource/."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de salto de directorio en MyFaces JavaServer Faces (JSF) en Apache MyFaces Core 2.0.x anterior a 2.0.12 y 2.1.x anterior a 2.1.6 permiten a atacantes remotos leer ficheros arbitrarios a trav\u00e9s de un .. (punto punto) en (1) el par\u00e1metro ln en faces/javax.faces.resource/web.xml o (2) PATH_INFO en faces/javax.faces.resource/."
}
],
"id": "CVE-2011-4367",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-06-19T14:55:06.693",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://mail-archives.apache.org/mod_mbox/myfaces-announce/201202.mbox/%3C4F33ED1F.4070007%40apache.org%3E"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://osvdb.org/show/osvdb/79002"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2012/Feb/150"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/47973"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/51939"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73100"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://mail-archives.apache.org/mod_mbox/myfaces-announce/201202.mbox/%3C4F33ED1F.4070007%40apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://osvdb.org/show/osvdb/79002"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2012/Feb/150"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/47973"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/51939"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73100"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-05-27 19:00
Modified
2025-04-11 00:51
Severity ?
Summary
Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:myfaces:1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D102CD0D-2BA8-4915-85BF-715AD9D2EA90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:myfaces:1.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "606B8964-297B-4D44-A603-9759B51151A0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object."
},
{
"lang": "es",
"value": "Apache MyFaces v1.1.7 y v1.2.8, como el usado en IBM WebSphere Application Server y otras aplicaciones, no maneja de forma adecuada el estado de vista no cifrada lo que permite a atacantes remotos para conducir ataques de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) o ejecutar c\u00f3digo Expression Language (EL) a trav\u00e9s de vectores que implican modificar el objeto vista serializada. \r\n"
}
],
"id": "CVE-2010-2086",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-05-27T19:00:01.063",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.blackhat.com/presentations/bh-dc-10/Byrne_David/BlackHat-DC-2010-Byrne-SGUI-slides.pdf"
},
{
"source": "cve@mitre.org",
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2010-001.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.blackhat.com/presentations/bh-dc-10/Byrne_David/BlackHat-DC-2010-Byrne-SGUI-slides.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2010-001.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-10-20 18:00
Modified
2025-04-11 00:51
Severity ?
Summary
shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | myfaces | 1.1.0 | |
| apache | myfaces | 1.1.1 | |
| apache | myfaces | 1.1.2 | |
| apache | myfaces | 1.1.3 | |
| apache | myfaces | 1.1.4 | |
| apache | myfaces | 1.1.5 | |
| apache | myfaces | 1.1.6 | |
| apache | myfaces | 1.1.7 | |
| apache | myfaces | 1.2.2 | |
| apache | myfaces | 1.2.3 | |
| apache | myfaces | 1.2.4 | |
| apache | myfaces | 1.2.5 | |
| apache | myfaces | 1.2.6 | |
| apache | myfaces | 1.2.7 | |
| apache | myfaces | 1.2.8 | |
| apache | myfaces | 2.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:myfaces:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1201479B-D49A-4AE4-906B-497BBCF49DAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:myfaces:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9B4A602F-605E-44AB-A94C-FACA6644AEBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:myfaces:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F1BC7980-C49E-494D-B7D4-6CA306628900",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:myfaces:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F686D80E-F592-4994-8648-61CE53D04CBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:myfaces:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3F201327-7EE2-4B1D-A5A2-C789AC8F7D80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:myfaces:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B6C2699C-53E5-4523-9523-862E2F25682B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:myfaces:1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "67356C59-5DAD-496F-B199-58FD06358963",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:myfaces:1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D102CD0D-2BA8-4915-85BF-715AD9D2EA90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:myfaces:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "672F3559-6044-44DA-8021-45736B2668DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:myfaces:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "32E8219C-962D-4513-A463-E31D1D427C89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:myfaces:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E2334B48-D635-487A-965C-400ED18E8896",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:myfaces:1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4AC17DE4-F933-45D0-A202-62871C9F0B39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:myfaces:1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2A58DD4C-C8AD-4352-8AC5-85BDB291D4AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:myfaces:1.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C83E7CC2-64E7-45E7-8EEB-8448F59D7724",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:myfaces:1.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "606B8964-297B-4D44-A603-9759B51151A0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:myfaces:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CB2DA584-D6C3-42EC-9015-B76D4CA60CE9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack."
},
{
"lang": "es",
"value": "shared/util/StateUtils.java en Apache MyFaces v1.1.x anterior a v1.1.8, v1.2.x anterior a v1.2.9, y v2.0.x anterior a v2.0.1 utiliza un cifrado View State sin un Codigo de Autenticaci\u00f3n de Mensaje (MAC), lo que cual facilita a los atacantes remotos realizar modificaciones con \u00e9xito de el View State mediante un ataque de relleno."
}
],
"id": "CVE-2010-2057",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-10-20T18:00:02.503",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://svn.apache.org/viewvc/myfaces/shared/trunk/core/src/main/java/org/apache/myfaces/shared/util/StateUtils.java?r1=943327\u0026r2=951801"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=623799"
},
{
"source": "secalert@redhat.com",
"url": "https://issues.apache.org/jira/browse/MYFACES-2749"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://svn.apache.org/viewvc/myfaces/shared/trunk/core/src/main/java/org/apache/myfaces/shared/util/StateUtils.java?r1=943327\u0026r2=951801"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=623799"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://issues.apache.org/jira/browse/MYFACES-2749"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-08-08 21:29
Modified
2025-04-20 01:37
Severity ?
Summary
Information disclosure vulnerability in Apache MyFaces Core 2.0.1 through 2.0.10 and 2.1.0 through 2.1.4 allows remote attackers to inject EL expressions via crafted parameters.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | myfaces | 2.0.1 | |
| apache | myfaces | 2.0.2 | |
| apache | myfaces | 2.0.3 | |
| apache | myfaces | 2.0.4 | |
| apache | myfaces | 2.0.5 | |
| apache | myfaces | 2.0.6 | |
| apache | myfaces | 2.0.7 | |
| apache | myfaces | 2.0.8 | |
| apache | myfaces | 2.0.9 | |
| apache | myfaces | 2.0.10 | |
| apache | myfaces | 2.1.0 | |
| apache | myfaces | 2.1.1 | |
| apache | myfaces | 2.1.2 | |
| apache | myfaces | 2.1.3 | |
| apache | myfaces | 2.1.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:myfaces:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D2553740-5152-4786-85D7-9BD0433E808F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:myfaces:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D42FAD0C-903D-4021-9923-531A5B214A69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:myfaces:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5143735D-2AAF-43BC-9B32-7ADFF18E32BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:myfaces:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C51E1E3E-DAFC-4524-8E38-1A58DDA80FCA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:myfaces:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "02AECFF6-62FC-4D1E-AB54-A8FA11CE7887",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:myfaces:2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "146E19F7-86A5-44A3-9AAA-86A507270523",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:myfaces:2.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2135F657-49C7-41BE-89C0-3496A92B4E37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:myfaces:2.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "BB544DC3-399C-4ACD-ABAE-F73415BBFDBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:myfaces:2.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "998CCCC7-6A28-4510-A19F-DCEFC5F2F66D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:myfaces:2.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "39BBDA9C-5778-4AC9-9FD3-0D7F90686422",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:myfaces:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "885E4270-F460-46A6-9FDE-54E4E5AC1457",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:myfaces:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "66C1133D-7C27-4BD6-B7A1-480D79841ED7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:myfaces:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7F95A59D-2FFB-4A2D-BA53-62C7B59444B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:myfaces:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2E875F02-7B72-41F4-B800-FCC73734C327",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:myfaces:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B6324BA3-01FD-4BE0-95AF-6CCFBA594A43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Information disclosure vulnerability in Apache MyFaces Core 2.0.1 through 2.0.10 and 2.1.0 through 2.1.4 allows remote attackers to inject EL expressions via crafted parameters."
},
{
"lang": "es",
"value": "Una vulnerabilidad de revelaci\u00f3n de informaci\u00f3n en Apache MyFaces Core en sus versiones 2.0.1 a2.0.10 y 2.1.0 a 2.1.4 permite que atacantes remotos inyecten expresiones EL mediante par\u00e1metros manipulados."
}
],
"id": "CVE-2011-4343",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-08T21:29:00.297",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=132313252814362"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securitytracker.com/id/1039695"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://issues.apache.org/jira/secure/attachment/12504807/MYFACES-3405-1.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=132313252814362"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1039695"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://issues.apache.org/jira/secure/attachment/12504807/MYFACES-3405-1.patch"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}