CVE-2010-4007

Published Oct 20, 2010

Last updated 3 months ago

CVSS info 5.0

Overview

Description: Oracle Mojarra uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack, a related issue to CVE-2010-2057.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-310

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:oracle:mojarra:1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7868B5A2-6DA3-4013-82C0-76032CA6FE6E"
          },
          {
            "criteria": "cpe:2.3:a:oracle:mojarra:1.1_02:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DAB34299-7DB4-40FD-87DD-25A616F65021"
          },
          {
            "criteria": "cpe:2.3:a:oracle:mojarra:1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5BF1F809-1EA8-49F4-AA88-1C4146545F04"
          },
          {
            "criteria": "cpe:2.3:a:oracle:mojarra:1.2_01:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3C1FE208-AF1B-4AA4-97B8-EDBBBC9EFAC2"
          },
          {
            "criteria": "cpe:2.3:a:oracle:mojarra:1.2_02:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E8AD3953-32B6-4E96-971D-D6691C9B7D74"
          },
          {
            "criteria": "cpe:2.3:a:oracle:mojarra:1.2_03:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "549B1B87-E443-4B02-8ECC-E958F1F1427D"
          },
          {
            "criteria": "cpe:2.3:a:oracle:mojarra:1.2_04:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "971F866D-BED1-4759-9248-8695F236517F"
          },
          {
            "criteria": "cpe:2.3:a:oracle:mojarra:1.2_05:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E1AFAB21-2B39-411D-AAC6-5E4DBC4FBB1C"
          },
          {
            "criteria": "cpe:2.3:a:oracle:mojarra:1.2_06:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "824FBF38-130D-4A7F-9A15-74E7EB8F7E4F"
          },
          {
            "criteria": "cpe:2.3:a:oracle:mojarra:1.2_07:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6D62C733-C2E9-48BE-807A-FD56A0D4E4DB"
          },
          {
            "criteria": "cpe:2.3:a:oracle:mojarra:1.2_08:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2658CD15-0A0C-43B5-BAE5-F990D09CF99A"
          },
          {
            "criteria": "cpe:2.3:a:oracle:mojarra:1.2_09:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "368DF549-211B-4F42-8A1B-BB4E60E857C0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:mojarra:1.2_10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EFE57006-A4B6-4CBA-B3D4-653447984F0C"
          },
          {
            "criteria": "cpe:2.3:a:oracle:mojarra:1.2_11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3E23AA71-F6B8-4BD8-89E6-8D4631203FAC"
          },
          {
            "criteria": "cpe:2.3:a:oracle:mojarra:1.2_12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "84D55821-9C48-4B98-B396-84DCE784AF4B"
          },
          {
            "criteria": "cpe:2.3:a:oracle:mojarra:1.2_13:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6793CECD-A268-43B3-BEF7-7A7757825968"
          },
          {
            "criteria": "cpe:2.3:a:oracle:mojarra:1.2_14:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B0EE32A1-5581-4609-8ED0-541C64E4F4AD"
          },
          {
            "criteria": "cpe:2.3:a:oracle:mojarra:1.2_15:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0DEB9C53-A3AF-4E60-A4C2-48114F086425"
          },
          {
            "criteria": "cpe:2.3:a:oracle:mojarra:2.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "26D5DBEE-76ED-4F28-BCC8-983193113C4E"
          },
          {
            "criteria": "cpe:2.3:a:oracle:mojarra:2.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D9AE8B6B-E2DB-426C-9FFE-DE5BFAB31523"
          },
          {
            "criteria": "cpe:2.3:a:oracle:mojarra:2.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B61EBC64-67E8-48FB-85B6-FBDDC4792152"
          },
          {
            "criteria": "cpe:2.3:a:oracle:mojarra:2.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6F05FD6F-568A-41D8-BA8D-091E29E5A953"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References