Vulmon
Apache MyFaces vulnerabilities and exploits
7.5
CVSSv3
CVE-2021-26296
In the default configuration, Apache MyFaces Core versions 2.2.0 to 2.2.13, 2.3.0 to 2.3.7, 2.3-next-M1 to 2.3-next-M4, and 3.0.0-RC1 use cryptographically weak implicit and explicit cross-site request forgery (CSRF) tokens. Due to that limitation, it is possible (although diffic...
Apache Myfaces 2.3
Apache Myfaces
Apache Myfaces 3.0.0
Netapp Oncommand Insight -
2 Github repositories
7.5
CVSSv3
CVE-2011-4343
Information disclosure vulnerability in Apache MyFaces Core 2.0.1 up to and including 2.0.10 and 2.1.0 up to and including 2.1.4 allows remote malicious users to inject EL expressions via crafted parameters.
Apache Myfaces 2.0.10
Apache Myfaces 2.0.8
Apache Myfaces 2.0.4
Apache Myfaces 2.0.7
Apache Myfaces 2.1.0
Apache Myfaces 2.0.2
Apache Myfaces 2.0.1
Apache Myfaces 2.1.1
Apache Myfaces 2.1.3
Apache Myfaces 2.1.4
Apache Myfaces 2.0.3
Apache Myfaces 2.0.9
Apache Myfaces 2.1.2
Apache Myfaces 2.0.5
Apache Myfaces 2.0.6
9.8
CVSSv3
CVE-2016-5019
CoreResponseStateManager in Apache MyFaces Trinidad 1.0.0 up to and including 1.0.13, 1.2.x prior to 1.2.15, 2.0.x prior to 2.0.2, and 2.1.x prior to 2.1.2 might allow malicious users to conduct deserialization attacks via a crafted serialized view state string.
Apache Myfaces Trinidad
NA
CVE-2011-4367
Multiple directory traversal vulnerabilities in MyFaces JavaServer Faces (JSF) in Apache MyFaces Core 2.0.x prior to 2.0.12 and 2.1.x prior to 2.1.6 allow remote malicious users to read arbitrary files via a .. (dot dot) in the (1) ln parameter to faces/javax.faces.resource/web.x...
Apache Myfaces
1 EDB exploit
NA
CVE-2010-2057
shared/util/StateUtils.java in Apache MyFaces 1.1.x prior to 1.1.8, 1.2.x prior to 1.2.9, and 2.0.x prior to 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote malicious users to perform successful modifications of the...
Apache Myfaces 1.1.1
Apache Myfaces 1.1.6
Apache Myfaces 1.1.3
Apache Myfaces 1.1.5
Apache Myfaces 1.1.0
Apache Myfaces 1.1.7
Apache Myfaces 1.1.4
Apache Myfaces 1.1.2
Apache Myfaces 1.2.5
Apache Myfaces 1.2.3
Apache Myfaces 1.2.2
Apache Myfaces 1.2.6
Apache Myfaces 1.2.8
Apache Myfaces 1.2.7
Apache Myfaces 1.2.4
Apache Myfaces 2.0.0
NA
CVE-2010-2086
Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote malicious users to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) ...
Apache Myfaces 1.2.8
Apache Myfaces 1.1.7
NA
CVE-2007-3101
Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk prior to 1.1.6 allow remote malicious users to inject arbitrary web script via the autoscroll parameter, which is injected into JavaScript that is sent to the client.
Apache Myfaces Tomahawk
1 EDB exploit