CVE-2010-2057
Published Oct 20, 2010
Last updated 14 years ago
Overview
- Description
- shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
- Source
- secalert@redhat.com
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-310
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:myfaces:1.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1201479B-D49A-4AE4-906B-497BBCF49DAE"
},
{
"criteria": "cpe:2.3:a:apache:myfaces:1.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9B4A602F-605E-44AB-A94C-FACA6644AEBE"
},
{
"criteria": "cpe:2.3:a:apache:myfaces:1.1.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F1BC7980-C49E-494D-B7D4-6CA306628900"
},
{
"criteria": "cpe:2.3:a:apache:myfaces:1.1.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F686D80E-F592-4994-8648-61CE53D04CBC"
},
{
"criteria": "cpe:2.3:a:apache:myfaces:1.1.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3F201327-7EE2-4B1D-A5A2-C789AC8F7D80"
},
{
"criteria": "cpe:2.3:a:apache:myfaces:1.1.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B6C2699C-53E5-4523-9523-862E2F25682B"
},
{
"criteria": "cpe:2.3:a:apache:myfaces:1.1.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "67356C59-5DAD-496F-B199-58FD06358963"
},
{
"criteria": "cpe:2.3:a:apache:myfaces:1.1.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D102CD0D-2BA8-4915-85BF-715AD9D2EA90"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:myfaces:1.2.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "672F3559-6044-44DA-8021-45736B2668DF"
},
{
"criteria": "cpe:2.3:a:apache:myfaces:1.2.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "32E8219C-962D-4513-A463-E31D1D427C89"
},
{
"criteria": "cpe:2.3:a:apache:myfaces:1.2.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E2334B48-D635-487A-965C-400ED18E8896"
},
{
"criteria": "cpe:2.3:a:apache:myfaces:1.2.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4AC17DE4-F933-45D0-A202-62871C9F0B39"
},
{
"criteria": "cpe:2.3:a:apache:myfaces:1.2.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2A58DD4C-C8AD-4352-8AC5-85BDB291D4AB"
},
{
"criteria": "cpe:2.3:a:apache:myfaces:1.2.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C83E7CC2-64E7-45E7-8EEB-8448F59D7724"
},
{
"criteria": "cpe:2.3:a:apache:myfaces:1.2.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "606B8964-297B-4D44-A603-9759B51151A0"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:myfaces:2.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CB2DA584-D6C3-42EC-9015-B76D4CA60CE9"
}
],
"operator": "OR"
}
]
}
]