Lucene search
ApacheCVELIST:CVE-2021-26296HistoryFeb 19, 2021 - 8:30 a.m.
CVE-2021-26296 Cross-Site Request Forgery (CSRF) vulnerability in Apache MyFaces
2021-02-1908:30:14
CWE-352
apache
raw.githubusercontent.com
In the default configuration, Apache MyFaces Core versions 2.2.0 to 2.2.13, 2.3.0 to 2.3.7, 2.3-next-M1 to 2.3-next-M4, and 3.0.0-RC1 use cryptographically weak implicit and explicit cross-site request forgery (CSRF) tokens. Due to that limitation, it is possible (although difficult) for an attacker to calculate a future CSRF token value and to use that value to trick a user into executing unwanted actions on an application.
Related
ibm
ibm
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2021-26296)
2021-04-14 14:22:17
prion
prion
Cross site request forgery (csrf)
2021-02-19 09:15:00
packetstorm
packetstorm
Apache MyFaces 2.x Cross Site Request Forgery
2021-02-20 00:00:00
osv
osv
CVE-2021-26296
2021-02-19 09:15:13
Cryptographically weak CSRF tokens in Apache MyFaces
2021-06-16 17:31:39
redhat
redhat
(RHSA-2021:2439) Important: Open Liberty 21.0.0.6 Runtime security update
2021-06-15 13:03:25
cve
cve
CVE-2021-26296
2021-02-19 09:15:13
veracode
veracode
Insecure Anti-CSRF Tokens
2021-02-22 07:08:20
zdt
zdt
Apache MyFaces 2.x Cross Site Request Forgery Vulnerability
2021-02-20 00:00:00
github
github
Cryptographically weak CSRF tokens in Apache MyFaces
2021-06-16 17:31:39
redhatcve
redhatcve
CVE-2021-26296
2021-02-18 21:24:39