Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:19706
HistoryMay 31, 2010 - 12:00 a.m.

Oracle Mojarra ViewState远程跨站脚本漏洞

2010-05-3100:00:00
Root
www.seebug.org
21

EPSS

0.002

Percentile

56.8%

JSON

CVE ID: CVE-2010-2087

Mojarrais是JavaServer Faces标准的开源实现。

在没有加密view state的情况下,远程攻击者就可以通过在请求中向Mojarrais提供新的或修改的view对象执行跨站脚本或任意EL语句。成功利用这个漏洞要求修改非明文存储的序列化view对象。

Oracle Mojarra 2.0.2
Oracle Mojarra 1.2_14
厂商补丁:

Oracle

目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:

http://www.oracle.com

Related

debiancve 1
nvd 1
prion 1
cvelist 1
cve 1
debiancve
debiancve
CVE-2010-2087
2010-05-27 19:00:01
nvd
nvd
CVE-2010-2087
2010-05-27 19:00:01
prion
prion
Cross site scripting
2010-05-27 19:00:00
cvelist
cvelist
CVE-2010-2087
2010-05-27 18:32:00
cve
cve
CVE-2010-2087
2010-05-27 19:00:01

EPSS

0.002

Percentile

56.8%

JSON
Related for SSV:19706
debiancve1nvd1prion1cvelist1cve1