CVE-2016-5019 (myfaces)

Posted on 2016년 10월 4일2016년 10월 5일 by admin

CoreResponseStateManager in Apache MyFaces Trinidad 1.0.0 through 1.0.13, 1.2.x before 1.2.15, 2.0.x before 2.0.2, and 2.1.x before 2.1.2 might allow attackers to conduct deserialization attacks via a crafted serialized view state string.

Source: CVE-2016-5019 (myfaces)

답글 남기기 응답 취소