Описание
Oracle Mojarra uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack, a related issue to CVE-2010-2057.
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:oracle:mojarra:1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mojarra:1.1_02:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mojarra:1.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mojarra:1.2_01:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mojarra:1.2_02:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mojarra:1.2_03:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mojarra:1.2_04:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mojarra:1.2_05:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mojarra:1.2_06:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mojarra:1.2_07:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mojarra:1.2_08:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mojarra:1.2_09:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mojarra:1.2_10:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mojarra:1.2_11:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mojarra:1.2_12:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mojarra:1.2_13:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mojarra:1.2_14:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mojarra:1.2_15:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mojarra:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mojarra:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mojarra:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mojarra:2.0.3:*:*:*:*:*:*:*
EPSS
Процентиль: 55%
0.00328
Низкий
5 Medium
CVSS2
Дефекты
CWE-310
Связанные уязвимости
debian
больше 15 лет назад
Oracle Mojarra uses an encrypted View State without a Message Authenti ...
github
больше 3 лет назад
Oracle Mojarra uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack, a related issue to CVE-2010-2057.
EPSS
Процентиль: 55%
0.00328
Низкий
5 Medium
CVSS2
Дефекты
CWE-310