Lucene search
Veracode Vulnerability DatabaseVERACODE:3749HistoryMar 23, 2017 - 8:33 a.m.
Expression Language (EL) Injection
2017-03-2308:33:17
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
EPSS
0.003
Percentile
69.2%
Java Server Faces is vulnerable to expression language injection. The vulnerability is possible when includeViewParameters is set to true on a navigation case.
References
www.jakobk.com/2011/11/jsf-value-expression-injection-vulnerability/
www.mandriva.com/security/advisories?name=MDVSA-2013:150
www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
www.securitytracker.com/id?1027277
bugzilla.redhat.com/show_bug.cgi?id=757980
github.com/javaserverfaces/mojarra/commit/082c5fe3504ef49419c9b74eaac31a73413af809
github.com/jboss/mojarra/commit/df7b4cb4aacb4f4582bcf0ef73abaf21693f7201
java.net/jira/browse/JAVASERVERFACES-2247
Related
securityvulns
securityvulns
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2011-12-12 00:00:00
[SECURITY] [DSA 2359-1] mojarra security update
2011-12-12 00:00:00
nessus
nessus
Debian DSA-2359-1 : mojarra - EL injection
2012-01-12 00:00:00
openvas
openvas
Debian Security Advisory DSA 2359-1 (mojarra)
2012-02-11 00:00:00
Oracle GlassFish Server Expression Evaluation Security Bypass Vulnerability
2012-08-07 00:00:00
Debian: Security Advisory (DSA-2359-1)
2012-02-11 00:00:00
debiancve
debiancve
CVE-2011-4358
2012-07-17 22:55:01
cvelist
cvelist
CVE-2011-4358
2012-07-17 22:00:00
prion
prion
Buffer overflow
2012-07-17 22:55:00
nvd
nvd
CVE-2011-4358
2012-07-17 22:55:01
debian
debian
[SECURITY] [DSA 2359-1] mojarra security update
2011-12-06 19:59:12
ubuntucve
ubuntucve
CVE-2011-4358
2012-07-17 00:00:00
cve
cve
CVE-2011-4358
2012-07-17 22:55:01
oracle
oracle
Oracle Critical Patch Update - July 2012
2012-07-17 00:00:00