Insecure JSF ViewState

Home/Alerts/Alert detail/

Risk:
Medium

Type:
Passive

CWE:
CWE-642

Summary: The response at the following URL contains a ViewState value that has no cryptographic protections.

Solution: Secure VIEWSTATE with a MAC specific to your environment

References: https://www.trustwave.com/spiderlabs/advisories/TWSL2010-001.txt

Latest Security News

Google's AI-Powered OSS-Fuzz Tool Finds 26 Vulnerabilities in Open-Source Projects

NodeStealer Malware Targets Facebook Ad Accounts, Harvesting Credit Card Data

CWE top 25 most dangerous software weaknesses

Ghost Tap: Hackers Exploiting NFCGate to Steal Funds via Mobile Payments

Decades-Old Security Vulnerabilities Found in Ubuntu's Needrestart Package

Microsoft Launches Windows Resiliency Initiative to Boost Security and System Integrity

China-Backed Hackers Leverage SIGTRAN, GSM Protocols to Infiltrate Telecom Networks

Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities

Common Alerts

HighExpression Language Injection

HighCORS Misconfiguration

LowX-Backend-Server Header Information Leak

LowStrict-Transport-Security Defined via META (Non-compliant with Spec)

MediumHTTP to HTTPS Insecure Transition in Form Post

HighServer Side Code Injection - ASP Code Injection

MediumSource Code Disclosure - SVN

MediumAuthentication Credentials Captured

MediumInsecure HTTP Method

LowStrict-Transport-Security Missing Max-Age (Non-compliant with Spec)

Latest CVE List

CVE-2024-38812 VMware vCenter Server Heap-Based Buffer Overflow Vulnerability

CVE-2024-38813 VMware vCenter Server Privilege Escalation Vulnerability

CVE-2024-1212 Progress Kemp LoadMaster OS Command Injection Vulnerability

CVE-2024-0012 Palo Alto Networks PAN-OS Management Interface Authentication Bypass Vulnerability

CVE-2024-9474 Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability

CVE-2024-9463 Palo Alto Networks Expedition OS Command Injection Vulnerability

CVE-2024-9465 Palo Alto Networks Expedition SQL Injection Vulnerability

CVE-2024-49039 Microsoft Windows Task Scheduler Privilege Escalation Vulnerability

CVE-2024-43451 Microsoft Windows NTLMv2 Hash Disclosure Spoofing Vulnerability

CVE-2021-41277 Metabase GeoJSON API Local File Inclusion Vulnerability

Common CWEs

CWE-1384 Improper Handling of Physical or Environmental Conditions

HighCWE-649 Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking

CWE-53 Path Equivalence: '\multiple\\internal\backslash'

HighCWE-360 Trust of System Event Data

CWE-187 Partial String Comparison

CWE-1103 Use of Platform-Dependent Third Party Components

CWE-132 DEPRECATED: Miscalculated Null Termination

CWE-23 Relative Path Traversal

HighCWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-1421 Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution

Free security scan for your website

Don't show website scan report rating on the leaderboard