Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
symantecSymantec Security ResponseSMNTC-93236
HistorySep 29, 2016 - 12:00 a.m.

Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability

2016-09-2900:00:00
Symantec Security Response
www.symantec.com
143

0.004 Low

EPSS

Percentile

72.8%

JSON

Description

Apache MyFaces Trinidad is prone to a security vulnerability. Successfully exploiting this issue allows attackers to obtain sensitive information or execute arbitrary code in the context of the affected application. Apache MyFaces Trinidad 1.2.14-core , 1.0.13-core , 2.0.1-core and 2.1.1-core are vulnerable.

Technologies Affected

  • Apache MyFaces Trinidad 1.0.13
  • Apache MyFaces Trinidad 1.2.14
  • Apache MyFaces Trinidad 2.0.1
  • Apache MyFaces Trinidad 2.1.1
  • Oracle Application Testing Suite 12.5.0.3
  • Oracle Communications Performance Intelligence Center (PIC) Software 10.1.5.1
  • Oracle Communications Performance Intelligence Center (PIC) Software 10.2
  • Oracle Communications Services Gatekeeper 5.1
  • Oracle Communications Services Gatekeeper 6.0
  • Oracle Enterprise Manager Base Platform 12.1.0.5
  • Oracle Enterprise Manager Base Platform 13.1.0.0
  • Oracle Enterprise Manager Base Platform 13.2.0.0
  • Oracle Fusion Middleware MapViewer 11.1.1.7.0
  • Oracle Fusion Middleware MapViewer 11.1.1.9.0
  • Oracle Retail Clearance Optimization Engine 13.4
  • Oracle Retail Clearance Optimization Engine 14.0.3
  • Oracle StorageTek Tape Analytics SW Tool
  • Oracle Utilities Customer Self Service 2.1.0.2.0

Recommendations

Deploy network intrusion detection systems to monitor network traffic for malicious activity.
Deploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic

Do not accept or execute files from untrusted or unknown sources.
To reduce the likelihood of successful exploits, do not open files that originate from untrusted sources.

Implement multiple redundant layers of security.
Various memory-protection schemes (such as nonexecutable and randomly mapped memory segments) may hinder an attacker’s ability to exploit this vulnerability to execute arbitrary code.

Run all software as a nonprivileged user with minimal access rights.
To limit the impact of latent vulnerabilities, configure database servers and other applications to run as a nonadministrative user with minimal access rights.

Updates are available. Please see the references or vendor advisory for more information.

Related

nvd 1
cvelist 1
zdt 1
prion 1
github 1
osv 1
cve 1
nessus 3
oracle 10
nvd
nvd
CVE-2016-5019
2016-10-03 18:59:04
cvelist
cvelist
CVE-2016-5019
2016-10-03 18:00:00
zdt
zdt
Apache MyFaces Trinidad Information Disclosure Vulnerability
2016-10-03 00:00:00
prion
prion
Deserialization of untrusted data
2016-10-03 18:59:00
github
github
Apache MyFaces Trinidad Deserialization Vulnerability
2022-05-13 01:25:19
osv
osv
Apache MyFaces Trinidad Deserialization Vulnerability
2022-05-13 01:25:19
cve
cve
CVE-2016-5019
2016-10-03 18:59:04
nessus
nessus
Oracle Enterprise Manager Cloud Control Multiple Vulnerabilities (January 2017 CPU)
2017-01-25 00:00:00
Oracle JDeveloper Multiple RCE (July 2016 CPU)
2016-09-19 00:00:00
Oracle Primavera P6 Enterprise Project Portfolio Management (EPPM) Multiple Vulnerabilities (July 2017 CPU)
2017-07-21 00:00:00
oracle
oracle
Oracle Critical Patch Update - April 2018
2018-04-17 00:00:00
Oracle Critical Patch Update - July 2016
2016-07-19 00:00:00
Oracle Critical Patch Update Advisory - January 2017
2017-01-17 00:00:00

0.004 Low

EPSS

Percentile

72.8%

JSON
Related for SMNTC-93236
nvd1cvelist1zdt1prion1github1osv1cve1nessus3oracle10