Information Disclosure Vulnerability in Apache MyFaces Core
CVE-2011-4343

7.5HIGH

Key Information:

Vendor
Apache
Status
Myfaces
Vendor
CVE Published:
8 August 2017

Summary

A significant information disclosure vulnerability exists in Apache MyFaces Core versions 2.0.1 through 2.0.10 and 2.1.0 through 2.1.4. This flaw allows remote attackers to exploit crafted parameters, enabling them to inject EL expressions. Successful exploitation could lead to unauthorized data exposure, potentially compromising sensitive information. Organizations are advised to review their MyFaces Core deployments and apply necessary security updates or patches to mitigate this risk.

References

http://marc.info/?l=full-disclosure&m=132313252814362
mailing-listx_refsource_MLIST
https://issues.apache.org/jira/secure/attachment/12504807...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1039695
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.