First published: Wed Oct 20 2010(Updated: )
Oracle Mojarra uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack, a related issue to CVE-2010-2057.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Oracle Mojarra | =1.2_05 | |
Oracle Mojarra | =1.1_02 | |
Oracle Mojarra | =1.1 | |
Oracle Mojarra | =1.2_13 | |
Oracle Mojarra | =1.2 | |
Oracle Mojarra | =1.2_06 | |
Oracle Mojarra | =1.2_10 | |
Oracle Mojarra | =1.2_08 | |
Oracle Mojarra | =2.0.0 | |
Oracle Mojarra | =1.2_04 | |
Oracle Mojarra | =2.0.2 | |
Oracle Mojarra | =1.2_09 | |
Oracle Mojarra | =1.2_12 | |
Oracle Mojarra | =2.0.1 | |
Oracle Mojarra | =1.2_11 | |
Oracle Mojarra | =1.2_01 | |
Oracle Mojarra | =1.2_07 | |
Oracle Mojarra | =1.2_03 | |
Oracle Mojarra | =2.0.3 | |
Oracle Mojarra | =1.2_14 | |
Oracle Mojarra | =1.2_02 | |
Oracle Mojarra | =1.2_15 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.