Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2010-2086 Vulnerability in maven package org.apache.myfaces.core:myfaces-core-project

Description

Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.

Remediation

References

http://www.blackhat.com/presentations/bh-dc-10/Byrne_David/BlackHat-DC-2010-Byrne-SGUI-slides.pdf

https://www.trustwave.com/spiderlabs/advisories/TWSL2010-001.txt

Related Vulnerabilities

CVE-2016-10735 Vulnerability in maven package ua.mobius.media:bootstrap

CVE-2018-19056 Vulnerability in maven package org.webjars.bower:editor.md

CVE-2018-11011 Vulnerability in maven package cc.ryanc:halo

CVE-2021-32850 Vulnerability in npm package @claviska/jquery-minicolors

CVE-2020-2225 Vulnerability in maven package org.jenkins-ci.plugins:matrix-project

Severity

Critical

Classification

CWE-79