VRDA Feed by JPCERT/CC
  Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis
[ about VRDA Feed | JPCERT/CC



 
Vulnerability Analysis Result (Revision No : 1) [ Download XML
CVE-2010-2086
myfaces: Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebS...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2086

Original

Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.

Translation   (Show)





About This Analysis Information
Analysis Information Provider:
NIST NVD
First Published:
2010-05-27
Source Information Category:
Advisory, Alert
Last Updated:
2010-05-28




Affected Product Tags
cpe:/a:apache:myfaces:1.1.7
cpe:/a:apache:myfaces:1.2.8
 


Vulnerability Analysis Results
[Access Vector]  [?]
Undefined [?]

Local [?]
Adjacent Network [?]
X Network [?]
[Access Complexit]  [?]
Undefined [?]

X High [?]
Medium [?]
Low [?]
[Authentication]  [?]
Undefined [?]

Multiple [?]
Single [?]
X None [?]
[Confidentiality Impact]  [?]
Undefined [?]

None [?]
X Partial [?]
Complete [?]
[Integrity Impact]  [?]
Undefined [?]

None [?]
X Partial [?]
Complete [?]
[Availability Impact]  [?]
Undefined [?]

X None [?]
Partial [?]
Complete [?]
Alternatives




References
MISC https://www.trustwave.com/spiderlabs/advisories/TWSL2010-001.txt




MISC http://www.blackhat.com/presentations/bh-dc-10/Byrne_David/BlackHat-DC-2010-Byrne-SGUI-slides.pdf




Vulnerability Type Cross-Site Scripting (XSS) (CWE-79)




Copyright © 2010 JPCERT/CC All Rights Reserved.