CVE-2010-2057
https://notcve.org/view.php?id=CVE-2010-2057
shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
• http://svn.apache.org/viewvc/myfaces/shared/trunk/core/src/main/java/org/apache/myfaces/shared/util/StateUtils.java?r1=943327&r2=951801
• https://bugzilla.redhat.com/show_bug.cgi?id=623799
• https://issues.apache.org/jira/browse/MYFACES-2749
• CWE-310: Cryptographic Issues
CVE-2010-2086 – MyFaces: XSS via state view
https://notcve.org/view.php?id=CVE-2010-2086
Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
• http://www.blackhat.com/presentations/bh-dc-10/Byrne_David/BlackHat-DC-2010-Byrne-SGUI-slides.pdf
• https://www.trustwave.com/spiderlabs/advisories/TWSL2010-001.txt
• https://access.redhat.com/security/cve/CVE-2010-2086
• https://bugzilla.redhat.com/show_bug.cgi?id=598164
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')