Cryptographic Issues Affecting org.apache.myfaces.shared:myfaces-shared-core Open this link in a new tab package, versions [2.0.0,2.0.1)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
10 Jan 2014
10 Jun 2010
How to fix?
org.apache.myfaces.shared:myfaces-shared-core to version 2.0.1 or higher.
org.apache.myfaces.shared:myfaces-shared-core is a maven plugin for the MyFaces Shared Core Subproject build the sources artifact needed by the shared-* modules.
Affected versions of this package are vulnerable to Cryptographic Issues as it uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.