Oracle Mojarra uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote malicious users to perform successful modifications of the View State via a padding oracle attack, a related issue to CVE-2010-2057.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
oracle mojarra 1.2_15 |
||
oracle mojarra 1.2_07 |
||
oracle mojarra 1.2_05 |
||
oracle mojarra 2.0.2 |
||
oracle mojarra 2.0.1 |
||
oracle mojarra 1.2_04 |
||
oracle mojarra 1.2_03 |
||
oracle mojarra 1.2_02 |
||
oracle mojarra 1.2_01 |
||
oracle mojarra 1.2_12 |
||
oracle mojarra 1.2_11 |
||
oracle mojarra 1.2_10 |
||
oracle mojarra 1.2_09 |
||
oracle mojarra 1.1 |
||
oracle mojarra 1.1_02 |
||
oracle mojarra 1.2 |
||
oracle mojarra 1.2_14 |
||
oracle mojarra 1.2_13 |
||
oracle mojarra 1.2_08 |
||
oracle mojarra 1.2_06 |
||
oracle mojarra 2.0.0 |
||
oracle mojarra 2.0.3 |