CVE-2010-4007
CVE-2010-4007 is a vulnerability of currently unknown severity. EPSS estimates a 1.01% chance of exploitation in the next 30 days.
Description
Oracle Mojarra uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack, a related issue to CVE-2010-2057.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Oracle | Mojarra | 1.1 |
| Oracle | Mojarra | 1.1_02 |
| Oracle | Mojarra | 1.2 |
| Oracle | Mojarra | 1.2_01 |
| Oracle | Mojarra | 1.2_02 |
| Oracle | Mojarra | 1.2_03 |
| Oracle | Mojarra | 1.2_04 |
| Oracle | Mojarra | 1.2_05 |
| Oracle | Mojarra | 1.2_06 |
| Oracle | Mojarra | 1.2_07 |
| Oracle | Mojarra | 1.2_08 |
| Oracle | Mojarra | 1.2_09 |
| Oracle | Mojarra | 1.2_10 |
| Oracle | Mojarra | 1.2_11 |
| Oracle | Mojarra | 1.2_12 |
| Oracle | Mojarra | 1.2_13 |
| Oracle | Mojarra | 1.2_14 |
| Oracle | Mojarra | 1.2_15 |
| Oracle | Mojarra | 2.0.0 |
| Oracle | Mojarra | 2.0.1 |
| Oracle | Mojarra | 2.0.2 |
| Oracle | Mojarra | 2.0.3 |
Source: NVD / NIST
