Home page logo
/

oss-sec logo oss-sec mailing list archives

CVE request: includeViewParameters re-evaluates param/model values as EL expressions on Mojarra/MyFaces
From: David Jorm <djorm () redhat com>
Date: Tue, 29 Nov 2011 00:16:22 -0500 (EST)

It has been found that when includeViewParameters is set to true, JSF 2 as implemented by Mojarra and MyFaces will 
re-evaluate parameter/model values as EL expressions.

Original bug:
http://java.net/jira/browse/JAVASERVERFACES-2247

MyFaces bug:
https://issues.apache.org/jira/browse/MYFACES-3405

Write-up/reproducer:
http://www.jakobk.com/2011/11/jsf-value-expression-injection-vulnerability/

Thanks
-- 
David Jorm / Red Hat Security Response Team


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault