Lucene search
+L

98 matches found

Exploit DB
Exploit DB
added 2012/02/09 12:0 a.m.36 views

Apache MyFaces - 'ln' Information Disclosure

source: https://www.securityfocus.com/bid/51939/info Apache MyFaces is prone to a remote information-disclosure vulnerability. Remote attackers can exploit this issue to obtain sensitive information that may aid in further attacks. The following versions are affected: Apache MyFaces 2.0.1 through...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2011/12/05 12:0 a.m.28 views

Apache MyFaces 2.0 / 2.1 Information Disclosure

-------------------------------------------------------------------------------------------------- CVE-2011-4343: Apache MyFaces information disclosure vulnerability Severity: Important Vendor: The Apache Software Foundation Versions Affected: MyFaces Core 2.0.1 to 2.0.10 MyFaces Core 2.1.0 to...

7.7AI score0.05334EPSS
Exploits1
seebug.org
seebug.org
added 2011/12/01 12:0 a.m.55 views

Apache MyFaces EL表达式求值安全绕过漏洞

Bugtraq ID: 50848 CVE ID:CVE-2011-4359 Apache MyFaces是一款JavaServer Faces技术开源实现。 Apache MyFaces存在安全漏洞,允许恶意用户绕过部分安全限制。 问题是由于解析Java Bean中的参数存在错误,可导致部分参数以EL表达式语言表达式求值。 成功利用漏洞需要Java Bean中"includeViewParameters"设置为"true"。 Apache MyFaces 2.1.x 厂商解决方案 用户可参考如下供应商提供的安全公告获得补丁信息:...

6.5AI score
Exploits2
NVD
NVD
added 2010/10/20 6:0 p.m.41 views

CVE-2010-2057

shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code MAC, which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracl...

5CVSS6.6AI score0.03099EPSS
Exploits0References3
Prion
Prion
added 2010/10/20 6:0 p.m.19 views

Authentication flaw

shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code MAC, which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracl...

5CVSS7AI score0.03099EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2010/10/20 5:0 p.m.40 views

CVE-2010-2057

shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code MAC, which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracl...

6.6AI score0.03099EPSS
Exploits0References3
CVE
CVE
added 2010/10/20 5:0 p.m.87 views

CVE-2010-2057

CVE-2010-2057 affects Apache MyFaces: shared/util/StateUtils.java uses an encrypted View State without a Message Authentication Code (MAC) in MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1. The underlying issue is lack of MAC protection on the serialized View State, enabli...

5CVSS6.8AI score0.03099EPSS
Exploits0References3Affected Software1
seebug.org
seebug.org
added 2010/05/31 12:0 a.m.48 views

Apache MyFaces ViewState远程跨站脚本漏洞

CVE ID: CVE-2010-2086 Apache MyFaces是JavaServer Faces标准的开源实现。 在没有加密view state的情况下,远程攻击者就可以通过在请求中向Apache MyFaces提供新的或修改的view对象执行跨站脚本或任意EL语句。成功利用这个漏洞要求修改非明文存储的序列化view对象。 Apache Group MyFaces 1.2.8 Apache Group MyFaces 1.1.7 厂商补丁: Apache Group ------------...

4CVSS6.5AI score0.02118EPSS
Exploits1
NVD
NVD
added 2010/05/27 7:0 p.m.27 views

CVE-2010-2086

Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting XSS attacks or execute arbitrary Expression Language EL statements via vectors that...

4CVSS5.9AI score0.02118EPSS
Exploits1References2
Prion
Prion
added 2010/05/27 7:0 p.m.24 views

Cross site scripting

Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting XSS attacks or execute arbitrary Expression Language EL statements via vectors that...

4CVSS6.3AI score0.02118EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2010/05/27 6:32 p.m.38 views

CVE-2010-2086

Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting XSS attacks or execute arbitrary Expression Language EL statements via vectors that...

5.9AI score0.02118EPSS
Exploits1References2
Prion
Prion
added 2007/06/18 10:30 a.m.15 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client...

4.3CVSS6.2AI score0.44453EPSS
Exploits0References7Affected Software1
NVD
NVD
added 2007/06/18 10:30 a.m.19 views

CVE-2007-3101

Multiple cross-site scripting XSS vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client...

4.3CVSS5.8AI score0.44453EPSS
Exploits0References7
Cvelist
Cvelist
added 2007/06/18 10:0 a.m.28 views

CVE-2007-3101

Multiple cross-site scripting XSS vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client...

5.8AI score0.44453EPSS
Exploits0References7
CVE
CVE
added 2007/06/18 10:0 a.m.56 views

CVE-2007-3101

CVE-2007-3101 corresponds to XSS in Apache MyFaces Tomahawk JSF framework prior to 1.1.6. The vulnerability arises from unsanitized autoscroll input that is injected into Javascript sent to clients, enabling remote script execution in the user’s browser. Remediation: upgrade to MyFaces Tomahawk 1...

4.3CVSS5.8AI score0.44453EPSS
Exploits0References7Affected Software1
seebug.org
seebug.org
added 2007/06/18 12:0 a.m.37 views

Apache MyFaces Tomahawk JSF架构Autoscroll参数跨站脚本漏洞

Java Server Faces, JSF是一款用于建立服务端GUI WEB应用程序的架构。 Java Server Faces, JSF不正确过滤用户提交的HTTP请求,远程攻击者可以利用漏洞进行跨站脚本攻击,获得敏感信息。 当从POST或者GET请求解析'autoscroll'参数时,由于不充分过滤,可导致提交恶意脚本代码作为参数,当其他用户解析时可泄露敏感信息。 Apache MyFaces Tomahawk 1.1.5 升级程序: Apache MyFaces Tomahawk 1.1.5 Apache tomahawk-1.1.6-bin.tar.gz...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2007/06/15 12:0 a.m.46 views

Apache MyFaces Tomahawk crossite scripting

Crossite scripting on 'autoscroll' parameter...

4.3CVSS1.7AI score0.44453EPSS
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2007/06/15 12:0 a.m.64 views

iDefense Security Advisory 06.14.07: Apache MyFaces Tomahawk JSF Framework Cross-Site Scripting (XSS) Vulnerability

Apache MyFaces Tomahawk JSF Framework Cross-Site Scripting XSS Vulnerability iDefense Security Advisory 06.14.07 http://labs.idefense.com/intelligence/vulnerabilities/ Jun 14, 2007 I. BACKGROUND Java Server Faces, JSF, is a framework used to create server side GUI Web applications. It is comparab...

4.3CVSS0.2AI score0.44453EPSS
Exploits0
Rows per page
Query Builder