Oracle: >> Mojarra >> 1.2_11 Security Vulnerabilities
Oracle Mojarra uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack, a related issue to CVE-2010-2057.
CVSS Score
5.0
EPSS Score
0.003
Published
2010-10-20