logo

Insecure JSF ViewState

  • Risk:
  • Medium

  • Type:
  • Passive
Summary

The response at the following URL contains a ViewState value that has no cryptographic protections.

Solution

Secure VIEWSTATE with a MAC specific to your environment

References

https://www.trustwave.com/spiderlabs/advisories/TWSL2010-001.txt

Free security scan for your website