5 matches found
Linux Distros Unpatched Vulnerability : CVE-2010-2057
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message...
br.com.caelum.stella:myfaces-example (=1.1), br.net.woodstock.rockframework:rockframework-web (>=1.2.1 <=1.2.2) +44 more potentially affected by CVE-2010-2057 via org.apache.myfaces.core:myfaces-impl (>=1.2.0 <=1.2.8)
org.apache.myfaces.core:myfaces-impl MAVEN version =1.2.0, =1.2.1, =0.9.4, =0.9.4, =0.9.4, =2.2, =2.2, =2.1, =2.1, =2.0.1, =2.0.1, =2.2, =2.2, =2.2.1 - org.apache.myfaces.commons:myfaces-commons-examples12 =1.0.0 and more Source cves: CVE-2010-2057 Source advisory: OSV:GHSA-4FV4-CQ5V-X45M...
Sql injection
Oracle Mojarra uses an encrypted View State without a Message Authentication Code MAC, which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack, a related issue to CVE-2010-2057...
CVE-2010-2057
CVE-2010-2057 affects Apache MyFaces: shared/util/StateUtils.java uses an encrypted View State without a Message Authentication Code (MAC) in MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1. The underlying issue is lack of MAC protection on the serialized View State, enabli...
CVE-2010-4007
Oracle Mojarra uses an encrypted View State without a Message Authentication Code MAC, which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack, a related issue to CVE-2010-2057...