Apache Myfaces
4 CVEs affecting Apache Myfaces. Latest disclosed: 2017-08-08. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2011-4343 | High | 7.5 | 2017-08-08 | Information disclosure vulnerability in Apache MyFaces Core 2.0.1 through 2.0.10 and 2.1.0 through 2.1.4 allows remote attackers to inject EL expressions via c… |
CVE-2011-4367 | | 2014-06-19 | Multiple directory traversal vulnerabilities in MyFaces JavaServer Faces (JSF) in Apache MyFaces Core 2.0.x before 2.0.12 and 2.1.x before 2.1.6 allow remote a… | |
CVE-2010-2057 | | 2010-10-20 | shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Aut… | |
CVE-2010-2086 | | 2010-05-27 | Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which a… |