CVE-2010-2087

Published: 27/05/2010 | Updated: 28/01/2013
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Oracle Mojarra 1.2_14 and 2.0.2, as used in IBM WebSphere Application Server, Caucho Resin, and other applications, does not properly handle an unencrypted view state, which allows remote malicious users to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.

Vulnerable Product

oracle mojarra 1.2_14

oracle mojarra 2.0.2

Vendor Advisories

Debian Bug report logs - #611130 CVE-2010-2087
Package: mojarra; Maintainer for mojarra is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Reported by: Moritz Muehlenhoff <jmm@debian.org>
Date: Tue, 25 Jan 2011 20:45:02 UTC
Severity: important
Tags: moreinfo, security, squeeze-ignore, wontfix ...