virus logo Intrusion Prevention

Oracle.Mojarra.JSF.Framework.ViewState.Insecure.Deserialization

description-logoDescription

This indicates an attack attempt to exploit an Insecure Deserialization Vulnerability in Oracle Mojarra.
The vulnerability is due to insufficient validation of requests sent to the Oracle Mojarra endpoint. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted request to a vulnerable server. Successful exploitation can result in arbitrary code execution under the security context of the affected server.

affected-products-logoAffected Products

Oracle Mojarra 2.2 and earlier

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://javaee.github.io/javaserverfaces/index-0.html

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2022-07-27 21.364 Default_action:pass:drop
2022-05-03 20.308
ID 51517
Created May 02, 2022
Updated Jul 26, 2022
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
Default Action drop
Active
Affected OS All
Affected App Oracle