apache myfaces vulnerabilities and exploits
CVE-2021-26296 (CVSSv2 score: 5.1)
In the default configuration, Apache MyFaces Core versions 2.2.0 to 2.2.13, 2.3.0 to 2.3.7, 2.3-next-M1 to 2.3-next-M4, and 3.0.0-RC1 use cryptographically weak implicit and explicit cross-site request forgery (CSRF) tokens. Due to that limitation, it is possible (although diffic...
Apache Myfaces
Apache Myfaces 2.3
Apache Myfaces 3.0.0
Netapp Oncommand Insight -
2 GitHub repositories
CVE-2011-4343 (CVSSv2 score: 5)
Information disclosure vulnerability in Apache MyFaces Core 2.0.1 up to and including 2.0.10 and 2.1.0 up to and including 2.1.4 allows remote malicious users to inject EL expressions via crafted parameters.
Apache Myfaces 2.0.1
Apache Myfaces 2.1.3
Apache Myfaces 2.1.4
Apache Myfaces 2.0.4
Apache Myfaces 2.1.0
Apache Myfaces 2.0.7
Apache Myfaces 2.0.8
Apache Myfaces 2.1.1
Apache Myfaces 2.1.2
Apache Myfaces 2.0.9
Apache Myfaces 2.0.10
Apache Myfaces 2.0.2
Apache Myfaces 2.0.3
Apache Myfaces 2.0.5
Apache Myfaces 2.0.6
CVE-2016-5019 (CVSSv2 score: 7.5)
CoreResponseStateManager in Apache MyFaces Trinidad 1.0.0 up to and including 1.0.13, 1.2.x prior to 1.2.15, 2.0.x prior to 2.0.2, and 2.1.x prior to 2.1.2 might allow malicious users to conduct deserialization attacks via a crafted serialized view state string.
Apache Myfaces Trinidad
CVE-2011-4367 (CVSSv2 score: 5)
Multiple directory traversal vulnerabilities in MyFaces JavaServer Faces (JSF) in Apache MyFaces Core 2.0.x prior to 2.0.12 and 2.1.x prior to 2.1.6 allow remote malicious users to read arbitrary files via a .. (dot dot) in the (1) ln parameter to faces/javax.faces.resource/web.x...
Apache Myfaces
1 EDB exploit
CVE-2010-2057 (CVSSv2 score: 5)
shared/util/StateUtils.java in Apache MyFaces 1.1.x prior to 1.1.8, 1.2.x prior to 1.2.9, and 2.0.x prior to 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote malicious users to perform successful modifications of the...
Apache Myfaces 1.1.4
Apache Myfaces 1.1.5
Apache Myfaces 1.1.6
Apache Myfaces 1.1.7
Apache Myfaces 1.1.0
Apache Myfaces 1.1.2
Apache Myfaces 1.1.1
Apache Myfaces 1.1.3
Apache Myfaces 1.2.6
Apache Myfaces 1.2.7
Apache Myfaces 1.2.8
Apache Myfaces 1.2.2
Apache Myfaces 1.2.4
Apache Myfaces 1.2.3
Apache Myfaces 1.2.5
Apache Myfaces 2.0.0
CVE-2010-2086 (CVSSv2 score: 4)
Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote malicious users to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) ...
Apache Myfaces 1.1.7
Apache Myfaces 1.2.8
CVE-2007-3101 (CVSSv2 score: 4.3)
Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk prior to 1.1.6 allow remote malicious users to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
Apache Myfaces Tomahawk
1 EDB exploit