CVE-2020-6950 – Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371
https://notcve.org/view.php?id=CVE-2020-6950
Directory traversal in Eclipse Mojarra before 2.3.14 allows attackers to read arbitrary files via the loc parameter or con parameter. Una vulnerabilidad de Salto de Directorio en Eclipse Mojarra versiones anteriores a 2.3.14, permite a atacantes leer archivos arbitrarios por medio del parámetro loc o del parámetro con A flaw was found in Eclipse Mojarra before version 2.3.14, where it is vulnerable to a path traversal flaw via the loc parameter or the con parameter. An attacker could exploit this flaw to read arbitrary files. • https://bugs.eclipse.org/bugs/show_bug.cgi?id=550943 https://github.com/eclipse-ee4j/mojarra/commit/cefbb9447e7be560e59da2da6bd7cb93776f7741 https://github.com/eclipse-ee4j/mojarra/issues/4571 https://www.oracle.com/security-alerts/cpuapr2022.html https://www.oracle.com/security-alerts/cpujan2022.html https://www.oracle.com/security-alerts/cpuoct2021.html https://access.redhat.com/security/cve/CVE-2020-6950 https://bugzilla.redhat.com/show_bug.cgi?id=1805006 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2018-14371 – mojarra: Path traversal in ResourceManager.java:getLocalePrefix() via the loc parameter
https://notcve.org/view.php?id=CVE-2018-14371
The getLocalePrefix function in ResourceManager.java in Eclipse Mojarra before 2.3.7 is affected by Directory Traversal via the loc parameter. A remote attacker can download configuration files or Java bytecodes from applications. La función getLocalePrefix en ResourceManager.java en Eclipse Mojarra en versiones anteriores a la 2.3.7 se ha visto afectada por un salto de directorio mediante el parámetro loc. Un atacante remoto puedes descargar archivos de configuración o bytecodes de Java desde las aplicaciones. • https://github.com/eclipse-ee4j/mojarra/commit/1b434748d9239f42eae8aa7d37d7a0930c061e24 https://github.com/javaserverfaces/mojarra/issues/4364 https://access.redhat.com/security/cve/CVE-2018-14371 https://bugzilla.redhat.com/show_bug.cgi?id=1607709 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2010-4007
https://notcve.org/view.php?id=CVE-2010-4007
Oracle Mojarra uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack, a related issue to CVE-2010-2057. Oracle Mojarra usa un View State cifrado sin un Código de Autenticación de Mnesaje (MAC), lo que hace más sencillo para atacantes realizar modificaciones exitosas del View State a través de un ataque de relleno. Un problema relacionado con CVE-2010-2057. • https://bugzilla.redhat.com/show_bug.cgi?id=623799 https://issues.apache.org/jira/browse/MYFACES-2749 • CWE-310: Cryptographic Issues •
CVE-2010-2087
https://notcve.org/view.php?id=CVE-2010-2087
Oracle Mojarra 1.2_14 and 2.0.2, as used in IBM WebSphere Application Server, Caucho Resin, and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object. Oracle Mojarra v1.2_14 y v2.0.2, utilizado en IBM WebSphere Application Server, Caucho Resin, y otras aplicaciones, no maneja adecuadamente un estado de vista sin cifrar, lo que permite a atacantes remotos dirigir ataques de secuencias de comandos en sitios cruzados (XSS) o ejecutar sentencias del lenguaje de expresión (EL) a través de vectores que pretenden modificar las vistas de objetos serializados. • http://www.blackhat.com/presentations/bh-dc-10/Byrne_David/BlackHat-DC-2010-Byrne-SGUI-slides.pdf https://www.trustwave.com/spiderlabs/advisories/TWSL2010-001.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •