Vulnerability Name: CVE-2010-2057 (CCN-61898)

Assigned: 2010-09-17
Published: 2010-09-17
Updated: 2010-11-19
Summary: shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
CVSS v3 Severity: 9.1 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): None
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
4.1 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N/E:F/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
9.4 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:N)
7.8 High (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:N/E:F/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): None
Vulnerability Type: CWE-310
Vulnerability Consequences: Obtain Information
References:

Source: MITRE
Type: CNA
CVE-2010-2057

Source: MITRE
Type: CNA
CVE-2010-3332

Source: MITRE
Type: CNA
CVE-2010-4007

Source: CCN
Type: EKOPARTY 2010
Padding Oracles Everywhere

Source: CCN
Type: SA41409
Microsoft ASP.NET Cryptographic Padding Information Disclosure

Source: CCN
Type: SA41919
Mono ASP.NET Cryptographic Padding Oracle Information Disclosure

Source: CCN
Type: SA41981
Oracle Mojarra Cryptographic Padding Oracle Information Disclosure

Source: CCN
Type: SA41995
Apache MyFaces Cryptographic Padding Oracle Information Disclosure

Source: CCN
Type: SECTRACK ID: 1024459
Microsoft ASP.NET Padding Oracle Attack Lets Remote Users Decrypt Data

Source: CONFIRM
Type: Patch
http://svn.apache.org/viewvc/myfaces/shared/trunk/core/src/main/java/org/apache/myfaces/shared/util/StateUtils.java?r1=943327&r2=951801

Source: CCN
Type: Microsoft Security Bulletin MS12-035
Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2693777)

Source: CCN
Type: IBM Internet Security Systems Protection Alert
Microsoft Vulnerability in ASP.NET Could Allow Information Disclosure

Source: CCN
Type: Microsoft Security Advisory (2416728)
Vulnerability in ASP.NET Could Allow Information Disclosure

Source: CCN
Type: Microsoft Security Bulletin MS10-070
Vulnerability in ASP.NET Could Allow Information Disclosure (2418042)

Source: CCN
Type: Microsoft Security Bulletin MS11-078
Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2604930)

Source: CCN
Type: Mono Web site
ASP.NET Padding Oracle

Source: CCN
Type: OSVDB ID: 68815
Apache MyFaces shared/util/StateUtils.java View State MAC Weakness Cryptographic Padding Remote View State Modification

Source: CCN
Type: OSVDB ID: 68816
Oracle Mojarra View State MAC Weakness Cryptographic Padding Remote View State Modification

Source: CCN
Type: BID-43316
Microsoft .NET Framework ASP.NET Padding Oracle Information Disclosure Vulnerability

Source: CCN
Type: BID-44285
Mono ASP.NET Implementation Padding Oracle Information Disclosure Vulnerability

Source: CCN
Type: BID-44337
Oracle Mojarra Encrypted View State Oracle Padding Security Vulnerability

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=623799

Source: XF
Type: UNKNOWN
ms-aspdotnet-padding-info-disclosure(61898)

Source: CONFIRM
Type: UNKNOWN
https://issues.apache.org/jira/browse/MYFACES-2749

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [10-06-2010]

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [10-17-2010]

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [10-20-2010]

Source: SUSE
Type: SUSE-SR:2011:008
SUSE Security Summary Report

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:apache:myfaces:1.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:apache:myfaces:1.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:apache:myfaces:1.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:apache:myfaces:1.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:apache:myfaces:1.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:apache:myfaces:1.1.5:*:*:*:*:*:*:*
  • OR cpe:/a:apache:myfaces:1.1.6:*:*:*:*:*:*:*
  • OR cpe:/a:apache:myfaces:1.1.7:*:*:*:*:*:*:*

Configuration 2:
  • cpe:/a:apache:myfaces:1.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:apache:myfaces:1.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:apache:myfaces:1.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:apache:myfaces:1.2.5:*:*:*:*:*:*:*
  • OR cpe:/a:apache:myfaces:1.2.6:*:*:*:*:*:*:*
  • OR cpe:/a:apache:myfaces:1.2.7:*:*:*:*:*:*:*
  • OR cpe:/a:apache:myfaces:1.2.8:*:*:*:*:*:*:*

Configuration 3:
  • cpe:/a:apache:myfaces:2.0.0:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:microsoft:.net_framework:1.0:sp3:*:*:*:*:*:*
  • OR cpe:/a:microsoft:.net_framework:1.1:sp1:*:*:*:*:*:*
  • OR cpe:/a:microsoft:asp.net:1.1:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:x32:*
  • OR cpe:/a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*
  • OR cpe:/a:microsoft:.net_framework:3.5:-:*:*:*:*:*:*
  • OR cpe:/a:microsoft:.net_framework:3.5:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:itanium:*
  • OR cpe:/a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:asp.net:3.5:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:.net_framework:4.0:-:*:*:*:*:*:*
  • AND
  • cpe:/o:microsoft:windows:server_2003:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:server_2003:sp2:itanium:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:server_2003:sp2:x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp::sp2:x64:*:professional:*:*:*
  • OR cpe:/o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_vista:*:sp1:*:*:*:*:x64:*
  • OR cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:itanium:*
  • OR cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:x64:*
  • OR cpe:/o:microsoft:windows:xp:sp3:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_vista:*:sp2:*:*:*:*:x64:*
  • OR cpe:/o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x32:*
  • OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x64:*
  • OR cpe:/o:microsoft:windows_7:*:*:*:*:*:*:x64:*
  • OR cpe:/o:microsoft:windows_7:-:*:*:*:*:*:x32:*
  • OR cpe:/o:microsoft:windows_server_2008:*:r2:x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_server_2008:*:r2:itanium:*:*:*:*:*

  • * Denotes that component is vulnerable
    apache myfaces 1.1.0
    apache myfaces 1.1.1
    apache myfaces 1.1.2
    apache myfaces 1.1.3
    apache myfaces 1.1.4
    apache myfaces 1.1.5
    apache myfaces 1.1.6
    apache myfaces 1.1.7
    apache myfaces 1.2.2
    apache myfaces 1.2.3
    apache myfaces 1.2.4
    apache myfaces 1.2.5
    apache myfaces 1.2.6
    apache myfaces 1.2.7
    apache myfaces 1.2.8
    apache myfaces 2.0.0
    microsoft .net framework 1.0 sp3
    microsoft .net framework 1.1 sp1
    microsoft asp.net 1.1 sp1
    microsoft windows server 2008 -
    microsoft .net framework 2.0 sp2
    microsoft .net framework 3.5
    microsoft .net framework 3.5 sp1
    microsoft windows server 2008
    microsoft .net framework 3.5.1
    microsoft asp.net 3.5
    microsoft .net framework 4.0
    microsoft windows server_2003 sp2
    microsoft windows server_2003 sp2
    microsoft windows server_2003 sp2
    microsoft windows xp sp2
    microsoft windows vista * sp1
    microsoft windows vista * sp1
    microsoft windows server 2008
    microsoft windows server 2008 -
    microsoft windows xp sp3
    microsoft windows vista * sp2
    microsoft windows vista * sp2
    microsoft windows server 2008 sp2
    microsoft windows server 2008 sp2
    microsoft windows 7 *
    microsoft windows 7 -
    microsoft windows server 2008 * r2
    microsoft windows server 2008 * r2