First published: Thu May 27 2010(Updated: )
Oracle Mojarra 1.2_14 and 2.0.2, as used in IBM WebSphere Application Server, Caucho Resin, and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Caucho Resin | ||
Ibm Websphere Application Server | ||
Oracle Mojarra | =1.2_14 | |
Oracle Mojarra | =2.0.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.