24428 2010-10-26 19:44:23 +0400 CVE-2010-2057: Encrypted View State does not include Message Authentication Code (MAC) 2015-10-28 01:07:31 +0300 1 1 4 Development Sisyphus myfaces unstable all Linux CLOSED FIXED https://issues.apache.org/jira/browse/MYFACES-2749 security P3 blocker --- 1 crux viy damir mithraen viy qa-sisyphus oldest_to_newest 114305 0 crux 2010-10-26 19:44:23 +0400 shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack. 153309 1 viy 2015-10-28 01:07:31 +0300 пакет удален из репозитория