Lucene search
GoogleOSV:CVE-2021-26296HistoryFeb 19, 2021 - 9:15 a.m.
CVE-2021-26296
2021-02-1909:15:13
Google
osv.dev
4
In the default configuration, Apache MyFaces Core versions 2.2.0 to 2.2.13, 2.3.0 to 2.3.7, 2.3-next-M1 to 2.3-next-M4, and 3.0.0-RC1 use cryptographically weak implicit and explicit cross-site request forgery (CSRF) tokens. Due to that limitation, it is possible (although difficult) for an attacker to calculate a future CSRF token value and to use that value to trick a user into executing unwanted actions on an application.
Related
ibm
ibm
Security Bulletin: WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, contains a vulnerability in Apache MyFaces (CVE-2021-26296)
2021-04-19 17:44:24
cve
cve
CVE-2021-26296
2021-02-19 09:15:13
osv
osv
Cryptographically weak CSRF tokens in Apache MyFaces
2021-06-16 17:31:39
redhat
redhat
(RHSA-2021:2439) Important: Open Liberty 21.0.0.6 Runtime security update
2021-06-15 13:03:25
prion
prion
Cross site request forgery (csrf)
2021-02-19 09:15:00
nvd
nvd
CVE-2021-26296
2021-02-19 09:15:13
packetstorm
packetstorm
Apache MyFaces 2.x Cross Site Request Forgery
2021-02-20 00:00:00
redhatcve
redhatcve
CVE-2021-26296
2021-02-18 21:24:39
zdt
zdt
Apache MyFaces 2.x Cross Site Request Forgery Vulnerability
2021-02-20 00:00:00
veracode
veracode
Insecure Anti-CSRF Tokens
2021-02-22 07:08:20
github
github
Cryptographically weak CSRF tokens in Apache MyFaces
2021-06-16 17:31:39
cvelist
cvelist