CVE-2010-2087

Severity

5.8

Description

Oracle Mojarra 1.2_14 and 2.0.2, as used in IBM WebSphere Application Server, Caucho Resin, and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.

Mitigation

We recommend upgrading to a version of this component that is not vulnerable to this specific issue.

Apache TomEE 1.7.x

First release:

2014-08-09

CVEs:

Support Lifecycle:

Unsupported

Namespace:

javax

1.7.0 1.7.1 1.7.2 1.7.3 1.7.4 1.7.5

Feel Vulnerable?

Contact us so we can help you.

First name ^*
Last name ^*
Email ^*
Company ^*
Product ^*
Heard about us from: ^*
Tell us more ^*

Send me a confirmation email

^* These fields are required.

CVE-2010-2087

Severity

5.8

Description

Mitigation

Related links:

Project

Category

Tags

Date Disclosed

Date Discovered

Apache TomEE 1.7.x

Feel Vulnerable?

Contact us so we can help you.

First name ^*
Last name ^*
Email ^*
Company ^*
Product ^*
Heard about us from: ^*
Tell us more ^*

Send me a confirmation email

^* These fields are required.

Tomitribe

Services

Open Source