Vulnerability Details CVE-2010-4007
Oracle Mojarra uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack, a related issue to CVE-2010-2057.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 54.9%
CVSS Severity
CVSS v2 Score 5.0
Products affected by CVE-2010-4007
- cpe:2.3:a:oracle:mojarra:1.1
- cpe:2.3:a:oracle:mojarra:1.1_02
- cpe:2.3:a:oracle:mojarra:1.2
- cpe:2.3:a:oracle:mojarra:1.2_01
- cpe:2.3:a:oracle:mojarra:1.2_02
- cpe:2.3:a:oracle:mojarra:1.2_03
- cpe:2.3:a:oracle:mojarra:1.2_04
- cpe:2.3:a:oracle:mojarra:1.2_05
- cpe:2.3:a:oracle:mojarra:1.2_06
- cpe:2.3:a:oracle:mojarra:1.2_07
- cpe:2.3:a:oracle:mojarra:1.2_08
- cpe:2.3:a:oracle:mojarra:1.2_09
- cpe:2.3:a:oracle:mojarra:1.2_10
- cpe:2.3:a:oracle:mojarra:1.2_11
- cpe:2.3:a:oracle:mojarra:1.2_12
- cpe:2.3:a:oracle:mojarra:1.2_13
- cpe:2.3:a:oracle:mojarra:1.2_14
- cpe:2.3:a:oracle:mojarra:1.2_15
- cpe:2.3:a:oracle:mojarra:2.0.0
- cpe:2.3:a:oracle:mojarra:2.0.1
- cpe:2.3:a:oracle:mojarra:2.0.2
- cpe:2.3:a:oracle:mojarra:2.0.3