WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2010-2086 Vulnerability in maven package org.apache.myfaces.core:myfaces-core-project

Description

Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.

Remediation

References

http://www.blackhat.com/presentations/bh-dc-10/Byrne_David/BlackHat-DC-2010-Byrne-SGUI-slides.pdf

https://www.trustwave.com/spiderlabs/advisories/TWSL2010-001.txt

Related Vulnerabilities

CVE-2022-41240 Vulnerability in maven package org.jenkins-ci.plugins:walti

CVE-2013-1879 Vulnerability in maven package activemq:activemq-core

CVE-2019-8331 Vulnerability in maven package org.webjars.bowergithub.twbs:bootstrap

CVE-2019-15488 Vulnerability in maven package org.igniterealtime.openfire:xmppserver

CVE-2011-2087 Vulnerability in maven package org.apache.struts:struts2-javatemplates-plugin

Severity

Critical

Classification

CWE-79