Vulnerabilities > Oracle > Mojarra > 1.2.14
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-10-20 | CVE-2010-4007 | Cryptographic Issues vulnerability in Oracle Mojarra. Oracle Mojarra uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack, a related issue to CVE-2010-2057. | 5.0 |
2010-05-27 | CVE-2010-2087 | Cross-Site Scripting vulnerability in Oracle Mojarra 1.2_14/2.0.2. Oracle Mojarra 1.2_14 and 2.0.2, as used in IBM WebSphere Application Server, Caucho Resin, and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object. | 4.3 |