CVE-2011-4343

HIGH

Apache MyFaces Core <2.0.11, <2.1.5 - Info Disclosure

Title source: llm
STIX 2.1

Description

Information disclosure vulnerability in Apache MyFaces Core 2.0.1 through 2.0.10 and 2.1.0 through 2.1.4 allows remote attackers to inject EL expressions via crafted parameters.

References (3)

Core 3
Core References
Third Party Advisory mailing-list x_refsource_mlist
http://marc.info/?l=full-disclosure&m=132313252814362
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1039695

Scores

CVSS v3 7.5
EPSS 0.0533
EPSS Percentile 91.7%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-200
Status published
Products (16)
apache/myfaces 2.0.1
apache/myfaces 2.0.2
apache/myfaces 2.0.3
apache/myfaces 2.0.4
apache/myfaces 2.0.5
apache/myfaces 2.0.6
apache/myfaces 2.0.7
apache/myfaces 2.0.8
apache/myfaces 2.0.9
apache/myfaces 2.0.10
... and 6 more
Published Aug 08, 2017
Tracked Since Feb 18, 2026