CVE-2010-4007
Severity CVSS v4.0: Pending analysis
Type: CWE-310 Cryptographic Issues
Publication date: 20/10/2010
Last modified: 11/04/2025
Description
Oracle Mojarra uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack, a related issue to CVE-2010-2057.
Impact
Base Score 2.0: 5.00
Severity 2.0: MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:oracle:mojarra:1.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:oracle:mojarra:1.1_02:*:*:*:*:*:*:* | ||
| cpe:2.3:a:oracle:mojarra:1.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:oracle:mojarra:1.2_01:*:*:*:*:*:*:* | ||
| cpe:2.3:a:oracle:mojarra:1.2_02:*:*:*:*:*:*:* | ||
| cpe:2.3:a:oracle:mojarra:1.2_03:*:*:*:*:*:*:* | ||
| cpe:2.3:a:oracle:mojarra:1.2_04:*:*:*:*:*:*:* | ||
| cpe:2.3:a:oracle:mojarra:1.2_05:*:*:*:*:*:*:* | ||
| cpe:2.3:a:oracle:mojarra:1.2_06:*:*:*:*:*:*:* | ||
| cpe:2.3:a:oracle:mojarra:1.2_07:*:*:*:*:*:*:* | ||
| cpe:2.3:a:oracle:mojarra:1.2_08:*:*:*:*:*:*:* | ||
| cpe:2.3:a:oracle:mojarra:1.2_09:*:*:*:*:*:*:* | ||
| cpe:2.3:a:oracle:mojarra:1.2_10:*:*:*:*:*:*:* | ||
| cpe:2.3:a:oracle:mojarra:1.2_11:*:*:*:*:*:*:* | ||
| cpe:2.3:a:oracle:mojarra:1.2_12:*:*:*:*:*:*:* | ||
To consult the complete list of CPE names with products and versions, see this page



