2 matches found
CVE-2010-4007
Oracle Mojarra is affected by CVE-2010-4007 due to an encrypted View State without a Message Authentication Code (MAC), enabling a padding oracle attack to modify the View State remotely. This weakness is reiterated across multiple sources (NVD, Red Hat advisory, and other feeds) and is tied to M...
CVE-2010-4007
Oracle Mojarra uses an encrypted View State without a Message Authentication Code MAC, which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack, a related issue to CVE-2010-2057...