Описание
Apache MyFaces Vulnerable to EL Injection
Information disclosure vulnerability in Apache MyFaces Core 2.0.1 through 2.0.10 and 2.1.0 through 2.1.4 allows remote attackers to inject EL expressions via crafted parameters.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2011-4343
- https://github.com/apache/myfaces/commit/a74b551b2ce6e88101ff453389a761f230e428a1
- https://github.com/apache/myfaces/commit/caee86e71ab8c5f038186158e9955887ed72a0fd
- https://issues.apache.org/jira/secure/attachment/12504807/MYFACES-3405-1.patch
- http://marc.info/?l=full-disclosure&m=132313252814362
Пакеты
Наименование
org.apache.myfaces.core:myfaces-core-module
maven
Затронутые версииВерсия исправления
>= 2.0.1, <= 2.0.10
2.0.11
Наименование
org.apache.myfaces.core:myfaces-core-module
maven
Затронутые версииВерсия исправления
>= 2.1.0, <= 2.1.4
2.1.5
Связанные уязвимости
redhat
около 14 лет назад
Information disclosure vulnerability in Apache MyFaces Core 2.0.1 through 2.0.10 and 2.1.0 through 2.1.4 allows remote attackers to inject EL expressions via crafted parameters.
CVSS3: 7.5
nvd
больше 8 лет назад
Information disclosure vulnerability in Apache MyFaces Core 2.0.1 through 2.0.10 and 2.1.0 through 2.1.4 allows remote attackers to inject EL expressions via crafted parameters.