CVE-2010-4007

Severity

50%

Complexity

99%

Confidentiality

48%

Oracle Mojarra uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack, a related issue to CVE-2010-2057.

Oracle Mojarra uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack, a related issue to CVE-2010-2057.

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N).

Overview

Type

Oracle Mojarra JavaServer(TM) Faces

First reported 14 years ago

2010-10-20 18:00:00

Last updated 14 years ago

2010-10-21 04:00:00

Affected Software

Oracle Mojarra JavaServer(TM) Faces 1.1

1.1

Oracle Mojarra JavaServer(TM) Faces 1.1_02

1.1_02

Oracle Mojarra JavaServer(TM) Faces 1.2

1.2

Oracle Mojarra JavaServer(TM) Faces 1.2_01

1.2_01

Oracle Mojarra JavaServer(TM) Faces 1.2_02

1.2_02

Oracle Mojarra JavaServer(TM) Faces 1.2_03

1.2_03

Oracle Mojarra JavaServer(TM) Faces 1.2_04

1.2_04

Oracle Mojarra JavaServer(TM) Faces 1.2_05

1.2_05

Oracle Mojarra JavaServer(TM) Faces 1.2_06

1.2_06

Oracle Mojarra JavaServer(TM) Faces 1.2_07

1.2_07

Oracle Mojarra JavaServer(TM) Faces 1.2_08

1.2_08

Oracle Mojarra JavaServer(TM) Faces 1.2_09

1.2_09

Oracle Mojarra JavaServer(TM) Faces 1.2_10

1.2_10

Oracle Mojarra JavaServer(TM) Faces 1.2_11

1.2_11

Oracle Mojarra JavaServer(TM) Faces 1.2_12

1.2_12

Oracle Mojarra JavaServer(TM) Faces 1.2_13

1.2_13

Oracle Mojarra JavaServer(TM) Faces 1.2_14

1.2_14

Oracle Mojarra JavaServer(TM) Faces 1.2_15

1.2_15

Oracle Mojarra JavaServer(TM) Faces 2.0.0

2.0.0

Oracle Mojarra JavaServer(TM) Faces 2.0.1

2.0.1

Oracle Mojarra JavaServer(TM) Faces 2.0.2

2.0.2

Oracle Mojarra JavaServer(TM) Faces 2.0.3

2.0.3

References

https://bugzilla.redhat.com/show_bug.cgi?id=623799

https://issues.apache.org/jira/browse/MYFACES-2749

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.