PT-2018-6576 · Apache · Apache Deltaspike-Jsf

Publicado

2018-01-04

Atualizado

2022-05-13

CVE-2017-17837

CVSS v3.1

6.1

Média

Vetor

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Apache DeltaSpike-JSF version 1.8.0

Description: The issue is related to a XSS injection leak in the windowId handling. By default, the windowId size gets cut off after 10 characters, which might limit the impact. A fix has been applied and released in Apache DeltaSpike-JSF 1.8.1.

Recommendations: For Apache DeltaSpike-JSF version 1.8.0, update to Apache DeltaSpike-JSF 1.8.1 to resolve the issue. As a temporary workaround, consider restricting the use of the windowId handling until the update is applied.

Exploit

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2017-17837

GHSA-4Q23-G7MF-XP98

Produtos afetados

Apache Deltaspike-Jsf

PT-2018-6576 · Apache · Apache Deltaspike-Jsf

CVE-2017-17837

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 13