Описание
Information disclosure vulnerability in Apache MyFaces Core 2.0.1 through 2.0.10 and 2.1.0 through 2.1.4 allows remote attackers to inject EL expressions via crafted parameters.
Ссылки
- Third Party Advisory
- PatchVendor Advisory
- Third Party Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:apache:myfaces:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:myfaces:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:myfaces:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:myfaces:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:myfaces:2.0.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:myfaces:2.0.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:myfaces:2.0.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:myfaces:2.0.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:myfaces:2.0.9:*:*:*:*:*:*:*
cpe:2.3:a:apache:myfaces:2.0.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:myfaces:2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:myfaces:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:myfaces:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:myfaces:2.1.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:myfaces:2.1.4:*:*:*:*:*:*:*
EPSS
Процентиль: 75%
0.00864
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-200
Связанные уязвимости
redhat
около 14 лет назад
Information disclosure vulnerability in Apache MyFaces Core 2.0.1 through 2.0.10 and 2.1.0 through 2.1.4 allows remote attackers to inject EL expressions via crafted parameters.
EPSS
Процентиль: 75%
0.00864
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-200