WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2010-2086 Vulnerability in maven package org.apache.myfaces.core:myfaces-core-project

Description

Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.

Remediation

References

http://www.blackhat.com/presentations/bh-dc-10/Byrne_David/BlackHat-DC-2010-Byrne-SGUI-slides.pdf

https://www.trustwave.com/spiderlabs/advisories/TWSL2010-001.txt

Related Vulnerabilities

CVE-2017-16008 Vulnerability in maven package org.webjars.bower:i18next

CVE-2022-0225 Vulnerability in maven package org.keycloak:keycloak-core

CVE-2018-20677 Vulnerability in maven package org.webjars.bowergithub.jasny:bootstrap

CVE-2021-30109 Vulnerability in npm package froala-editor

CVE-2020-24706 Vulnerability in maven package org.wso2.carbon:org.wso2.carbon.ui

Severity

Critical

Classification

CWE-79