Lucene search
K

104 matches found

CVE
CVE
added 2018/01/04 3:0 p.m.85 views

CVE-2017-17837

CVE-2017-17837 affects the Apache DeltaSpike-JSF 1.8.0 module with a Cross‑Site Scripting (XSS) leak in how windowId is handled. The windowId is truncated after 10 characters by default, which can limit impact but still constitutes an XSS risk. A fix was released in Apache DeltaSpike 1.8.1 (delta...

6.1CVSS6.1AI score0.04471EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2017/10/24 9:29 p.m.10 views

CVE-2017-1583

IBM WebSphere Application Server IBM Liberty for Java for Bluemix 3.13could allow a remote attacker to obtain sensitive information caused by improper error handling by MyFaces in JSF...

7.5CVSS7.2AI score0.0319EPSS
Exploits0References4
CVE
CVE
added 2017/10/24 9:0 p.m.76 views

CVE-2017-1583

CVE-2017-1583 affects IBM WebSphere Application Server (JSF MyFaces) via improper error handling in JSF, enabling a remote attacker to obtain sensitive information. The connected IBM bulletins indicate WebSphere products (Traditional/Liberty) are affected and provide fixes; however, the exact fix...

7.5CVSS7.1AI score0.0319EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2017/10/24 9:0 p.m.16 views

CVE-2017-1583

IBM WebSphere Application Server IBM Liberty for Java for Bluemix 3.13could allow a remote attacker to obtain sensitive information caused by improper error handling by MyFaces in JSF...

7.3AI score0.0319EPSS
Exploits0References4
Veracode
Veracode
added 2017/10/05 8:32 a.m.8 views

Remote Code Execution (RCE)

myfaces-impl is vulnerable to remote code execution RCE attacks. If the ViewState parameter in a JSF page is not encrypted, a malicious user can use it to inject arbitrary code that is executed when sent to the server to be deserialized...

7.8AI score
Exploits0
Veracode
Veracode
added 2017/04/04 6:53 a.m.24 views

Cross-site Scripting (XSS)

Mojarra JSF is vulnerable to cross-site scripting XSS attacks. These attacks are possible due to insufficient escaping of content in the outputText tags and the EL expressions...

4.3CVSS8.3AI score0.04715EPSS
Exploits0References12Affected Software1
NVD
NVD
added 2015/08/11 2:59 p.m.18 views

CVE-2015-5176

The PortletRequestDispatcher in PortletBridge, as used in Red Hat JBoss Portal 6.2.0, does not properly enforce the security constraints of servlets, which allows remote attackers to gain access to resources via a request that asks to render a non-JSF resource...

5.8CVSS6.9AI score0.01648EPSS
Exploits0References1
Prion
Prion
added 2015/08/11 2:59 p.m.18 views

Design/Logic Flaw

The PortletRequestDispatcher in PortletBridge, as used in Red Hat JBoss Portal 6.2.0, does not properly enforce the security constraints of servlets, which allows remote attackers to gain access to resources via a request that asks to render a non-JSF resource...

5.8CVSS7.4AI score0.01648EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2015/08/11 2:0 p.m.32 views

CVE-2015-5176

The PortletRequestDispatcher in PortletBridge, as used in Red Hat JBoss Portal 6.2.0, does not properly enforce the security constraints of servlets, which allows remote attackers to gain access to resources via a request that asks to render a non-JSF resource...

6.9AI score0.01648EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2015/03/24 9:5 p.m.50 views

Important: Red Hat Security Advisory: Red Hat JBoss Fuse Service Works 6.0.0 security update

Red Hat JBoss Fuse Service Works 6.0.0 roll up patch 4, which fixes multiple security issues and various bugs, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base score...

7.5CVSS6.6AI score0.24738EPSS
Exploits7References20
RedHat Linux
RedHat Linux
added 2015/02/17 10:27 p.m.4 views

JSF: XSS due to insufficient escaping of user-supplied content in outputText tags and EL expressions

It was found that Mojarra JavaServer Faces did not properly escape user-supplied content in certain circumstances. Contents of outputText tags and raw EL expressions that immediately follow script or style elements were not escaped. A remote attacker could use a specially crafted URL to execute...

4.3CVSS7.5AI score0.04715EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2015/02/17 10:27 p.m.54 views

Important: Red Hat Security Advisory: Red Hat JBoss BRMS 6.0.3 security update

Red Hat JBoss BRMS 6.0.3 roll up patch 2, which fixes multiple security issues, several bugs, and adds various enhancements, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System...

7.5CVSS6.6AI score0.24738EPSS
Exploits7References22
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.21 views

Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/24480/info Apache Tomahawk MyFaces JSF Framework is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. Exploiting this vulnerability may allow an attacker to launch...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/02/25 12:0 a.m.31 views

JBoss RichFaces进行Push请求拒绝服务漏洞

CVE ID:CVE-2014-0086 JBoss RichFaces是一个具 Ajax和JSF特性的Web框架。 JBoss RichFaces在处理PushHandlerFilter类src/main/java/org/richfaces/webapp/PushHandlerFilter.java中的推送事件时存在错误,允许远程攻击者利用漏洞发送特制的畸形推送请求消耗系统内存资源,造成拒绝服务攻击。 0 JBoss RichFaces 4.3.4 目前没有详细解决方案提供: https://issues.jboss.org/browse/RF-13250...

4.3CVSS9.2AI score0.01463EPSS
Exploits3
seebug.org
seebug.org
added 2013/07/17 12:0 a.m.140 views

JBoss RichFaces 远程代码执行漏洞(CVE-2013-2165)

Bugtraq ID:61085 CVE ID:CVE-2013-2165 JBoss RichFaces是一个具 Ajax和JSF特性的Web框架 RichFaces ResourceBuilderImpl处理反序列化存在在安全漏洞,允许远程攻击者利用此漏洞发送特殊数据,执行部署在服务器上任意可序列化类中的反序列化方法 此漏洞所产生的影响其严重程序取决于这些类的反序列化逻辑 0 JBoss RichFaces 厂商解决方案 用户可参考如下厂商提供的安全公告获得补丁信息: https://rhn.redhat.com/errata/RHSA-2013-1041.html...

7.5CVSS0.2AI score0.12662EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2013/06/05 12:0 a.m.33 views

Oracle GlassFish Server 3.0.1 < 3.0.1.7 / 3.1.2 < 3.1.2.5 Multiple Vulnerabilities (April 2013 CPU)

The version of GlassFish Server running on the remote host is affected by multiple vulnerabilities : - Cross-site scripting XSS vulnerabilities exist in its admin and rest interface. These vulnerabilities permit JavaScript to be run in the context of GlassFish, which may result in credentials of...

4.3CVSS5.3AI score0.01046EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2012/12/18 10:23 p.m.60 views

Important: Red Hat Security Advisory: JBoss Enterprise Application Platform 6.0.1 update

Updated JBoss Enterprise Application Platform 6.0.1 packages that fix multiple security issues, various bugs, and add enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability...

10CVSS6.3AI score0.6477EPSS
Exploits7References10
Fedora
Fedora
added 2012/09/03 12:48 a.m.30 views

[SECURITY] Fedora 17 Update: jabberd-2.2.14-4.fc17

The jabberd project aims to provide an open-source server implementation of the Jabber protocols for instant messaging and XML routing. The goal of this project is to provide a scalable, reliable, efficient and extensible server that provides a complete set of features and is up to date with the...

5.8CVSS6.4AI score0.0173EPSS
Exploits1
NVD
NVD
added 2012/07/17 10:55 p.m.24 views

CVE-2011-4358

Unspecified vulnerability in Oracle GlassFish Enterprise Server 3.0.1 and 3.1.1 allows remote attackers to affect confidentiality and integrity, related to JSF...

6.4CVSS5.9AI score0.01648EPSS
Exploits0References3
OSV
OSV
added 2012/07/17 10:55 p.m.9 views

CVE-2011-4358

Unspecified vulnerability in Oracle GlassFish Enterprise Server 3.0.1 and 3.1.1 allows remote attackers to affect confidentiality and integrity, related to JSF...

5.8AI score
Exploits0References3
Rows per page
Query Builder