CVE-2010-4007
CVE-2010-4007
Oracle Mojarra uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack, a related issue to CVE-2010-2057.
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →