Cross-Site Scripting Vulnerability in Oracle Mojarra for IBM WebSphere and Caucho Resin
CVE-2010-2087
Currently unrated
Summary
The Oracle Mojarra library, used in products such as IBM WebSphere Application Server and Caucho Resin, does not securely handle unencrypted view states. This flaw allows remote attackers to exploit the serialized view object, potentially leading to cross-site scripting (XSS) attacks or the execution of unauthorized Expression Language (EL) statements. Affected deployments must be safeguarded against both of these exploitation vectors.