CVE-2011-4343
Published Aug 8, 2017
Last updated 7 years ago
Overview
- Description
- Information disclosure vulnerability in Apache MyFaces Core 2.0.1 through 2.0.10 and 2.1.0 through 2.1.4 allows remote attackers to inject EL expressions via crafted parameters.
- Source
- secalert@redhat.com
- NVD status
- Modified
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-200
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:myfaces:2.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D2553740-5152-4786-85D7-9BD0433E808F"
},
{
"criteria": "cpe:2.3:a:apache:myfaces:2.0.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D42FAD0C-903D-4021-9923-531A5B214A69"
},
{
"criteria": "cpe:2.3:a:apache:myfaces:2.0.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5143735D-2AAF-43BC-9B32-7ADFF18E32BA"
},
{
"criteria": "cpe:2.3:a:apache:myfaces:2.0.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C51E1E3E-DAFC-4524-8E38-1A58DDA80FCA"
},
{
"criteria": "cpe:2.3:a:apache:myfaces:2.0.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "02AECFF6-62FC-4D1E-AB54-A8FA11CE7887"
},
{
"criteria": "cpe:2.3:a:apache:myfaces:2.0.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "146E19F7-86A5-44A3-9AAA-86A507270523"
},
{
"criteria": "cpe:2.3:a:apache:myfaces:2.0.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2135F657-49C7-41BE-89C0-3496A92B4E37"
},
{
"criteria": "cpe:2.3:a:apache:myfaces:2.0.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BB544DC3-399C-4ACD-ABAE-F73415BBFDBE"
},
{
"criteria": "cpe:2.3:a:apache:myfaces:2.0.9:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "998CCCC7-6A28-4510-A19F-DCEFC5F2F66D"
},
{
"criteria": "cpe:2.3:a:apache:myfaces:2.0.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "39BBDA9C-5778-4AC9-9FD3-0D7F90686422"
},
{
"criteria": "cpe:2.3:a:apache:myfaces:2.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "885E4270-F460-46A6-9FDE-54E4E5AC1457"
},
{
"criteria": "cpe:2.3:a:apache:myfaces:2.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "66C1133D-7C27-4BD6-B7A1-480D79841ED7"
},
{
"criteria": "cpe:2.3:a:apache:myfaces:2.1.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7F95A59D-2FFB-4A2D-BA53-62C7B59444B1"
},
{
"criteria": "cpe:2.3:a:apache:myfaces:2.1.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2E875F02-7B72-41F4-B800-FCC73734C327"
},
{
"criteria": "cpe:2.3:a:apache:myfaces:2.1.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B6324BA3-01FD-4BE0-95AF-6CCFBA594A43"
}
],
"operator": "OR"
}
]
}
]