mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 01:02:25 +00:00
185 lines
6.1 KiB
JSON
185 lines
6.1 KiB
JSON
{
|
|
"id": "CVE-2010-2057",
|
|
"sourceIdentifier": "secalert@redhat.com",
|
|
"published": "2010-10-20T18:00:02.503",
|
|
"lastModified": "2010-11-19T05:00:00.000",
|
|
"vulnStatus": "Analyzed",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "shared/util/StateUtils.java en Apache MyFaces v1.1.x anterior a v1.1.8, v1.2.x anterior a v1.2.9, y v2.0.x anterior a v2.0.1 utiliza un cifrado View State sin un Codigo de Autenticaci\u00f3n de Mensaje (MAC), lo que cual facilita a los atacantes remotos realizar modificaciones con \u00e9xito de el View State mediante un ataque de relleno."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "LOW",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "PARTIAL",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 5.0
|
|
},
|
|
"baseSeverity": "MEDIUM",
|
|
"exploitabilityScore": 10.0,
|
|
"impactScore": 2.9,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": false
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-310"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:myfaces:1.1.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "1201479B-D49A-4AE4-906B-497BBCF49DAE"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:myfaces:1.1.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "9B4A602F-605E-44AB-A94C-FACA6644AEBE"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:myfaces:1.1.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "F1BC7980-C49E-494D-B7D4-6CA306628900"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:myfaces:1.1.3:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "F686D80E-F592-4994-8648-61CE53D04CBC"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:myfaces:1.1.4:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "3F201327-7EE2-4B1D-A5A2-C789AC8F7D80"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:myfaces:1.1.5:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B6C2699C-53E5-4523-9523-862E2F25682B"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:myfaces:1.1.6:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "67356C59-5DAD-496F-B199-58FD06358963"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:myfaces:1.1.7:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "D102CD0D-2BA8-4915-85BF-715AD9D2EA90"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:myfaces:1.2.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "672F3559-6044-44DA-8021-45736B2668DF"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:myfaces:1.2.3:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "32E8219C-962D-4513-A463-E31D1D427C89"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:myfaces:1.2.4:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "E2334B48-D635-487A-965C-400ED18E8896"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:myfaces:1.2.5:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "4AC17DE4-F933-45D0-A202-62871C9F0B39"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:myfaces:1.2.6:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "2A58DD4C-C8AD-4352-8AC5-85BDB291D4AB"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:myfaces:1.2.7:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "C83E7CC2-64E7-45E7-8EEB-8448F59D7724"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:myfaces:1.2.8:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "606B8964-297B-4D44-A603-9759B51151A0"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:myfaces:2.0.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "CB2DA584-D6C3-42EC-9015-B76D4CA60CE9"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "http://svn.apache.org/viewvc/myfaces/shared/trunk/core/src/main/java/org/apache/myfaces/shared/util/StateUtils.java?r1=943327&r2=951801",
|
|
"source": "secalert@redhat.com",
|
|
"tags": [
|
|
"Patch"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=623799",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "https://issues.apache.org/jira/browse/MYFACES-2749",
|
|
"source": "secalert@redhat.com"
|
|
}
|
|
]
|
|
} |