AI Score: 6.5 (Medium), Confidence: Low
EPSS: 0.003 (Low), Percentile: 68.1%
Oracle Mojarra uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack, a related issue to CVE-2010-2057.
bugzilla.redhat.com/show_bug.cgi?id=623799
issues.apache.org/jira/browse/MYFACES-2749