Lucene search
PRIOn knowledge basePRION:CVE-2021-26296HistoryFeb 19, 2021 - 9:15 a.m.
Cross site request forgery (csrf)
2021-02-1909:15:00
PRIOn knowledge base
www.prio-n.com
7
In the default configuration, Apache MyFaces Core versions 2.2.0 to 2.2.13, 2.3.0 to 2.3.7, 2.3-next-M1 to 2.3-next-M4, and 3.0.0-RC1 use cryptographically weak implicit and explicit cross-site request forgery (CSRF) tokens. Due to that limitation, it is possible (although difficult) for an attacker to calculate a future CSRF token value and to use that value to trick a user into executing unwanted actions on an application.
Related
ibm
ibm
Security Bulletin: Vulnerability in Apache MyFaces affects WebSphere Application Server (CVE-2021-26296)
2021-04-12 17:31:11
cve
cve
CVE-2021-26296
2021-02-19 09:15:13
osv
osv
Cryptographically weak CSRF tokens in Apache MyFaces
2021-06-16 17:31:39
CVE-2021-26296
2021-02-19 09:15:13
redhat
redhat
(RHSA-2021:2439) Important: Open Liberty 21.0.0.6 Runtime security update
2021-06-15 13:03:25
nvd
nvd
CVE-2021-26296
2021-02-19 09:15:13
packetstorm
packetstorm
Apache MyFaces 2.x Cross Site Request Forgery
2021-02-20 00:00:00
redhatcve
redhatcve
CVE-2021-26296
2021-02-18 21:24:39
github
github
Cryptographically weak CSRF tokens in Apache MyFaces
2021-06-16 17:31:39
zdt
zdt
Apache MyFaces 2.x Cross Site Request Forgery Vulnerability
2021-02-20 00:00:00
veracode
veracode
Insecure Anti-CSRF Tokens
2021-02-22 07:08:20
cvelist
cvelist