CVE-2010-4007
Published Oct 20, 2010
Last updated 14 years ago
Overview
- Description
- Oracle Mojarra uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack, a related issue to CVE-2010-2057.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-310
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:mojarra:1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7868B5A2-6DA3-4013-82C0-76032CA6FE6E"
},
{
"criteria": "cpe:2.3:a:oracle:mojarra:1.1_02:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DAB34299-7DB4-40FD-87DD-25A616F65021"
},
{
"criteria": "cpe:2.3:a:oracle:mojarra:1.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5BF1F809-1EA8-49F4-AA88-1C4146545F04"
},
{
"criteria": "cpe:2.3:a:oracle:mojarra:1.2_01:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3C1FE208-AF1B-4AA4-97B8-EDBBBC9EFAC2"
},
{
"criteria": "cpe:2.3:a:oracle:mojarra:1.2_02:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E8AD3953-32B6-4E96-971D-D6691C9B7D74"
},
{
"criteria": "cpe:2.3:a:oracle:mojarra:1.2_03:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "549B1B87-E443-4B02-8ECC-E958F1F1427D"
},
{
"criteria": "cpe:2.3:a:oracle:mojarra:1.2_04:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "971F866D-BED1-4759-9248-8695F236517F"
},
{
"criteria": "cpe:2.3:a:oracle:mojarra:1.2_05:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E1AFAB21-2B39-411D-AAC6-5E4DBC4FBB1C"
},
{
"criteria": "cpe:2.3:a:oracle:mojarra:1.2_06:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "824FBF38-130D-4A7F-9A15-74E7EB8F7E4F"
},
{
"criteria": "cpe:2.3:a:oracle:mojarra:1.2_07:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6D62C733-C2E9-48BE-807A-FD56A0D4E4DB"
},
{
"criteria": "cpe:2.3:a:oracle:mojarra:1.2_08:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2658CD15-0A0C-43B5-BAE5-F990D09CF99A"
},
{
"criteria": "cpe:2.3:a:oracle:mojarra:1.2_09:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "368DF549-211B-4F42-8A1B-BB4E60E857C0"
},
{
"criteria": "cpe:2.3:a:oracle:mojarra:1.2_10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EFE57006-A4B6-4CBA-B3D4-653447984F0C"
},
{
"criteria": "cpe:2.3:a:oracle:mojarra:1.2_11:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3E23AA71-F6B8-4BD8-89E6-8D4631203FAC"
},
{
"criteria": "cpe:2.3:a:oracle:mojarra:1.2_12:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "84D55821-9C48-4B98-B396-84DCE784AF4B"
},
{
"criteria": "cpe:2.3:a:oracle:mojarra:1.2_13:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6793CECD-A268-43B3-BEF7-7A7757825968"
},
{
"criteria": "cpe:2.3:a:oracle:mojarra:1.2_14:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B0EE32A1-5581-4609-8ED0-541C64E4F4AD"
},
{
"criteria": "cpe:2.3:a:oracle:mojarra:1.2_15:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0DEB9C53-A3AF-4E60-A4C2-48114F086425"
},
{
"criteria": "cpe:2.3:a:oracle:mojarra:2.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "26D5DBEE-76ED-4F28-BCC8-983193113C4E"
},
{
"criteria": "cpe:2.3:a:oracle:mojarra:2.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D9AE8B6B-E2DB-426C-9FFE-DE5BFAB31523"
},
{
"criteria": "cpe:2.3:a:oracle:mojarra:2.0.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B61EBC64-67E8-48FB-85B6-FBDDC4792152"
},
{
"criteria": "cpe:2.3:a:oracle:mojarra:2.0.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6F05FD6F-568A-41D8-BA8D-091E29E5A953"
}
],
"operator": "OR"
}
]
}
]