Lucene search
HistoryOct 20, 2010 - 6:00 p.m.
CVE-2010-4007
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
6.5 Medium
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
68.1%
Oracle Mojarra uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack, a related issue to CVE-2010-2057.
Affected configurations
Node
oraclemojarraMatch1.1
ORoraclemojarraMatch1.1_02
ORoraclemojarraMatch1.2
ORoraclemojarraMatch1.2_01
ORoraclemojarraMatch1.2_02
ORoraclemojarraMatch1.2_03
ORoraclemojarraMatch1.2_04
ORoraclemojarraMatch1.2_05
ORoraclemojarraMatch1.2_06
ORoraclemojarraMatch1.2_07
ORoraclemojarraMatch1.2_08
ORoraclemojarraMatch1.2_09
ORoraclemojarraMatch1.2_10
ORoraclemojarraMatch1.2_11
ORoraclemojarraMatch1.2_12
ORoraclemojarraMatch1.2_13
ORoraclemojarraMatch1.2_14
ORoraclemojarraMatch1.2_15
ORoraclemojarraMatch2.0.0
ORoraclemojarraMatch2.0.1
ORoraclemojarraMatch2.0.2
ORoraclemojarraMatch2.0.3
Related
cve
cve
CVE-2010-4007
2022-10-03 16:21:06
CVE-2010-2057
2010-10-20 18:00:02
cvelist
cvelist
CVE-2010-4007
2022-10-03 16:21:06
CVE-2010-2057
2010-10-20 17:00:00
debiancve
debiancve
CVE-2010-4007
2022-10-03 16:21:06
prion
prion
Sql injection
2010-10-20 18:00:00
Authentication flaw
2010-10-20 18:00:00
osv
osv
Improper Authentication in Apache MyFaces
2022-05-17 05:45:54
github
github
Improper Authentication in Apache MyFaces
2022-05-17 05:45:54
nvd
nvd
CVE-2010-2057
2010-10-20 18:00:02
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
6.5 Medium
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
68.1%
Related for NVD:CVE-2010-4007