Vulnerability in Apache Myfaces
CVE-2010-2057
shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform su…
Vulnerability class: POODLE (CVE-2014-3566)
EPSS: 0.010 (77.8th percentile) — read the EPSS interpretation.
Affected products
- Apache Myfaces — versions 1.2.4, 1.1.4, 1.1.1
- N/a — versions n/a
Weakness classification (CWE)
References
- secalert@redhat.com (x_refsource_CONFIRM)
- secalert@redhat.com (x_refsource_CONFIRM)
- secalert@redhat.com (x_refsource_CONFIRM, Patch)