Lucene search
GitHub Advisory DatabaseGHSA-4FV4-CQ5V-X45MHistoryMay 17, 2022 - 5:45 a.m.
Improper Authentication in Apache MyFaces
2022-05-1705:45:54
CWE-287
GitHub Advisory Database
github.com
8
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.003 Low
EPSS
Percentile
68.1%
shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
Affected configurations
Node
org.apache.myfaces.core\myfacesMatchimpl
ORorg.apache.myfaces.core\myfacesMatchimpl
ORorg.apache.myfaces.core\myfacesMatchimpl
ORshared_files_proshared_filesRange<2.0.1
ORshared_files_proshared_filesRange<1.2.9
ORshared_files_proshared_filesRange<1.1.8
References
Related
osv
osv
Improper Authentication in Apache MyFaces
2022-05-17 05:45:54
cve
cve
CVE-2010-2057
2010-10-20 18:00:02
CVE-2010-4007
2022-10-03 16:21:06
prion
prion
Authentication flaw
2010-10-20 18:00:00
Sql injection
2010-10-20 18:00:00
cvelist
cvelist
CVE-2010-2057
2010-10-20 17:00:00
CVE-2010-4007
2022-10-03 16:21:06
nvd
nvd
CVE-2010-2057
2010-10-20 18:00:02
CVE-2010-4007
2010-10-20 18:00:04
debiancve
debiancve
CVE-2010-4007
2022-10-03 16:21:06
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.003 Low
EPSS
Percentile
68.1%
Related for GHSA-4FV4-CQ5V-X45M