Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2010-2057

EPSS 1.04% · P78
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2010-2057

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Apache MyFaces 'shared/util/StateUtils.java'加密问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Apache MyFaces是美国阿帕奇(Apache)软件基金会的一个项目,它实现了JavaServer Faces(JSF,一个用于构建Web应用程序的标准Java框架)。 Apache MyFaces 1.1.8之前的1.1.x版本,1.2.9之前的1.2.x版本,以及2.0.1之前的2.0.x版本中的shared/util/StateUtils.java文件使用了不带消息认证代码(MAC)的加密View State。远程攻击者更容易借助填充oracle攻击执行View State的成功修改。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2010-2057

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2010-2057

登录查看更多情报信息。

Same Patch Batch · n/a · 2010-10-20 · 32 CVEs total

CVE-2010-3366Mn_Fit LD_LIBRARY_PATH设计错误漏洞
CVE-2010-4007Oracle Mojarra加密问题漏洞
CVE-2010-3394TeXmacs LD_LIBRARY_PATH设计错误漏洞
CVE-2010-3393Ecmwf Magics++ magics-config设计错误漏洞
CVE-2010-3389Linux-HA平台OCF Resource Agents设计错误漏洞
CVE-2010-3387Video Disk Recorder 设计错误漏洞
CVE-2010-3386LTTng Userspace Tracer usttrace设计错误漏洞
CVE-2010-3385Herac TuxGuitar LD_LIBRARY_PATH设计错误漏洞
CVE-2010-3384TORCS多个脚本LD_LIBRARY_PATH设计错误漏洞
CVE-2010-3383TeamSpeak多个脚本LD_LIBRARY_PATH设计错误漏洞
CVE-2010-3382Uoregon Tuning和Analysis Utilities tauex设计错误漏洞
CVE-2010-3381Tangerine LD_LIBRARY_PATH设计错误漏洞
CVE-2010-3378Scilab多个脚本LD_LIBRARY_PATH设计错误漏洞
CVE-2010-3377SALOME多个脚本LD_LIBRARY_PATH设计错误漏洞
CVE-2010-3376ROOT多个脚本LD_LIBRARY_PATH设计错误漏洞
CVE-2010-3369Debian mono-debugger多个脚本LD_LIBRARY_PATH设计错误漏洞
CVE-2010-0782IBM WebSphere MQ证书欺骗漏洞
CVE-2010-3365Mistelix LD_LIBRARY_PATH设计错误漏洞
CVE-2010-3364VIPS LD_LIBRARY_PATH设计错误漏洞
CVE-2010-3363roaraudio roarify设计错误漏洞

Showing top 20 of 32 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2010-2057

No comments yet

Leave a comment