CVE-2011-4358

CVE-2011-4358 affects Oracle GlassFish Server (3.0.1/3.1.1) via a JSF-related expression evaluation flaw that can allow remote attackers to affect confidentiality and integrity. The OpenVAS entry labels this as an Oracle GlassFish Server Expression Evaluation Security Bypass vulnerability (CVSS ~...

Debian DSA-2359-1 : mojarra - EL injection

It was discovered that Mojarra, an implementation of JavaServer Faces, evaluates untrusted values as EL expressions if includeViewParameters is set to true. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian...

[SECURITY] [DSA 2359-1] mojarra security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2359-1 [email protected] http://www.debian.org/security/ Florian Weimer December 06, 2011 http://www.debian.org/security/faq -...

[SECURITY] [DSA 2359-1] mojarra security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2359-1 [email protected] http://www.debian.org/security/ Florian Weimer December 06, 2011 http://www.debian.org/security/faq -...