Lucene search

15 matches found

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2022-4414

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.6 | EPSS 0.00864
Exploits: 1 | References: 8

vulnersOsv
added 2022/05/13 1:24 a.m. | 0 views

com.github.httpmock:mock-http-server-junit (>=1.0.0 <=1.1.5), com.github.httpmock:mock-http-server-standalone (>=1.0.0 <=1.1.9) +41 more potentially affected by CVE-2011-4367 via org.apache.myfaces.core:myfaces-impl (>=2.1.0 <=2.1.5)

org.apache.myfaces.core:myfaces-impl MAVEN version =2.1.0, =1.0.0, =1.0.0, =0.9.5, =0.9.6, =0.9.6, =2.4.2, =2.1.0, =2.1.0, =2.1.3, =2.1.3, =2.1.3, =2.1.3, =1.0.1, =1.5.1, =1.5.1, =1.7.5 and more Source cves: CVE-2011-4367 Source advisory: OSV:GHSA-GJFX-9WX3-J6R7...

CVSS 5 | AI score 5.8 | EPSS 0.8592
Exploits: 2

OSV
added 2021/02/19 9:15 a.m. | 20 views

CVE-2021-26296

In the default configuration, Apache MyFaces Core versions 2.2.0 to 2.2.13, 2.3.0 to 2.3.7, 2.3-next-M1 to 2.3-next-M4, and 3.0.0-RC1 use cryptographically weak implicit and explicit cross-site request forgery (CSRF) tokens. Due to that limitation, it is possible (although difficult) for an attacker ...

CVSS 7.5 | AI score 6.7
Exploits: 0 | References: 4

NVD
added 2021/02/19 9:15 a.m. | 16 views

CVE-2021-26296

In the default configuration, Apache MyFaces Core versions 2.2.0 to 2.2.13, 2.3.0 to 2.3.7, 2.3-next-M1 to 2.3-next-M4, and 3.0.0-RC1 use cryptographically weak implicit and explicit cross-site request forgery (CSRF) tokens. Due to that limitation, it is possible (although difficult) for an attacker ...

CVSS 7.5 | EPSS 0.00321
Exploits: 3 | References: 4

RedhatCVE
added 2021/02/18 9:24 p.m. | 20 views

CVE-2021-26296

In the default configuration, Apache MyFaces Core versions 2.2.0 to 2.2.13, 2.3.0 to 2.3.7, 2.3-next-M1 to 2.3-next-M4, and 3.0.0-RC1 use cryptographically weak implicit and explicit cross-site request forgery (CSRF) tokens. Due to that limitation, it is possible (although difficult) for an attacker ...

CVSS 7.5 | AI score 4.8 | EPSS 0.00321
Exploits: 3 | References: 3

RedhatCVE
added 2020/08/05 9:14 a.m. | 25 views

CVE-2011-4367

Multiple directory traversal vulnerabilities in MyFaces JavaServer Faces (JSF) in Apache MyFaces Core 2.0.x before 2.0.12 and 2.1.x before 2.1.6 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) ln parameter to faces/javax.faces.resource/web.xml or (2) the PATH_INFO to...

CVSS 5 | AI score 5.9 | EPSS 0.8592
Exploits: 2 | References: 3

Cvelist
added 2017/08/08 9:0 p.m. | 13 views

CVE-2011-4343

Information disclosure vulnerability in Apache MyFaces Core 2.0.1 through 2.0.10 and 2.1.0 through 2.1.4 allows remote attackers to inject EL expressions via crafted parameters...

AI score 7.3 | EPSS 0.00864
Exploits: 1 | References: 3

CVE
added 2017/08/08 9:0 p.m. | 84 views

CVE-2011-4343

CVE-2011-4343 is an information-disclosure vulnerability in the JavaServer Faces (JSF) / MyFaces component used by IBM WebSphere Application Server. It allows remote attackers to obtain sensitive information by injecting EL expressions via crafted input parameters. Public sources (IBM bulletins r...

CVSS 7.5 | AI score 7.2 | EPSS 0.00864
Exploits: 1 | References: 3 | Affected Software: 1

NVD
added 2014/06/19 2:55 p.m. | 22 views

CVE-2011-4367

Multiple directory traversal vulnerabilities in MyFaces JavaServer Faces (JSF) in Apache MyFaces Core 2.0.x before 2.0.12 and 2.1.x before 2.1.6 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) ln parameter to faces/javax.faces.resource/web.xml or (2) the PATH_INFO to...

CVSS 5 | AI score 6.8 | EPSS 0.8592
Exploits: 2 | References: 6

Prion
added 2014/06/19 2:55 p.m. | 13 views

Directory traversal

Multiple directory traversal vulnerabilities in MyFaces JavaServer Faces (JSF) in Apache MyFaces Core 2.0.x before 2.0.12 and 2.1.x before 2.1.6 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) ln parameter to faces/javax.faces.resource/web.xml or (2) the PATH_INFO to...

CVSS 5 | AI score 7.3 | EPSS 0.8592
Exploits: 2 | References: 6 | Affected Software: 1

Debian CVE
added 2014/06/19 2:0 p.m. | 20 views

CVE-2011-4367

Multiple directory traversal vulnerabilities in MyFaces JavaServer Faces (JSF) in Apache MyFaces Core 2.0.x before 2.0.12 and 2.1.x before 2.1.6 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) ln parameter to faces/javax.faces.resource/web.xml or (2) the PATH_INFO to...

CVSS 5 | AI score 6.6 | EPSS 0.8592
Exploits: 2

CVE
added 2014/06/19 2:0 p.m. | 83 views

CVE-2011-4367

This CVE concerns Apache MyFaces Core (JSF) path traversal in MyFaces JSF. Affected versions are Core 2.0.x before 2.0.12 and 2.1.x before 2.1.6. An attacker can read arbitrary files by supplying a .. sequence via the ln parameter to faces/javax.faces.resource/web.xml or via PATH_INFO to faces/ja...

CVSS 5 | AI score 6.8 | EPSS 0.8592
Exploits: 2 | References: 6 | Affected Software: 1

Cvelist
added 2014/06/19 2:0 p.m. | 26 views

CVE-2011-4367

Multiple directory traversal vulnerabilities in MyFaces JavaServer Faces (JSF) in Apache MyFaces Core 2.0.x before 2.0.12 and 2.1.x before 2.1.6 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) ln parameter to faces/javax.faces.resource/web.xml or (2) the PATH_INFO to...

AI score 6.7 | EPSS 0.8592
Exploits: 2 | References: 6

securityvulns
added 2012/02/12 12:0 a.m. | 66 views

[SECURITY] CVE-2011-4367 Apache MyFaces information disclosure vulnerability

CVE-2011-4367: Apache MyFaces information disclosure vulnerability
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected: MyFaces Core 2.0.1 to 2.0.11, MyFaces Core 2.1.0 to...

CVSS 5 | AI score 0.5 | EPSS 0.8592
Exploits: 2

Packet Storm
added 2012/02/10 12:0 a.m. | 43 views

Apache MyFaces Information Disclosure

CVE-2011-4367: Apache MyFaces information disclosure vulnerability
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected: MyFaces Core 2.0.1 to 2.0.11, MyFaces Core 2.1.0 to...

CVSS 5 | AI score 6.5 | EPSS 0.8592
Exploits: 2