NuytsTech Security

CVE-2016-5019

by ·

CoreResponseStateManager in Apache MyFaces Trinidad 1.0.0 through 1.0.13, 1.2.x before 1.2.15, 2.0.x before 2.0.2, and 2.1.x before 2.1.2 might allow attackers to conduct deserialization attacks via a crafted serialized view state string.

Date published : 2016-10-03

http://www.securityfocus.com/bid/93236

http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

Tags: