漏洞信息详情
Apache MyFaces Trinidad 跨站请求伪造漏洞
- CNNVD编号:CNNVD-202102-1379 <!--
- 危害等级: 高危-->
- 危害等级: 高危
- CVE编号: CVE-2021-26296
- 漏洞类型: 跨站请求伪造
- 发布时间: 2021-02-18
- 威胁类型: 远程
- 更新时间: 2021-09-06
- 厂 商:
- 漏洞来源: Wolfgang Ettlinger
-
漏洞简介
Apache MyFaces Trinidad是美国阿帕奇(Apache)基金会的一款包含大量的企业级组件库并支持附件的JSF框架。
Apache MyFaces 中存在跨站请求伪造漏洞。该漏洞源于WEB应用缺少对客户端数据的正确验证。攻击者可利用该漏洞执行客户端代码。以下产品及版本受到影响:Apache MyFaces 2.2.0 to 2.2.13, 2.3.0 to 2.3.7, 2.3-next-M1 to 2.3-next-M4, and 3.0.0-RC1
漏洞公告
目前厂商暂未发布修复措施解决此安全问题,建议使用此软件的用户随时关注厂商主页或参考网址以获取解决办法:
https://security-tracker.debian.org/tracker/CVE-2021-26296
参考网址
来源:MISC
链接:https://lists.apache.org/thread.html/r2b73e2356c6155e9ec78fdd8f72a4fac12f3e588014f5f535106ed9b%40%3Cannounce.apache.org%3E
来源:MISC
链接:https://packetstormsecurity.com/files/161484/Apache-MyFaces-2.x-Cross-Site-Request-Forgery.html
来源:CONFIRM
链接:https://security.netapp.com/advisory/ntap-20210528-0007/
来源:FULLDISC
链接:http://seclists.org/fulldisclosure/2021/Feb/66
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-vulnerability-in-websphere-application-server-liberty-2/
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-rational-asset-analyzer-raa-is-affected-by-a-websphere-application-server-vulnerability-cve-2021-26296/
来源:www.ibm.com
链接:https://www.ibm.com/support/pages/node/6486349
来源:www.ibm.com
链接:https://www.ibm.com/support/pages/node/6485501
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-websphere-application-server-affect-ibm-cloud-orchestrator-and-ibm-cloud-orchestrator-enterprise-3/
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-myfaces-affects-liberty-for-java-for-ibm-cloud-cve-2021-26296/
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.1811
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-myfaces-affects-websphere-application-server-cve-2021-26296/
来源:vigilance.fr
链接:https://vigilance.fr/vulnerability/Apache-MyFaces-Core-Cross-Site-Request-Forgery-via-Weak-Tokens-35037
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-xstream-java-openssl-websphere-application-server-liberty-and-node-js-affect-ibm-spectrum-control/
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-websphere-application-server-liberty-affects-ibm-cics-tx-on-cloud/
来源:nvd.nist.gov
链接:https://nvd.nist.gov/vuln/detail/CVE-2021-26296
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.2132
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.1321
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-transformation-advisor-is-affected-by-a-vulnerability-in-websphere-application-server-liberty-cve-2021-26296/
来源:access.redhat.com
链接:https://access.redhat.com/security/cve/cve-2021-26296
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.1200
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-novalink-is-impacted-by-apache-myfaces-affects-websphere-liberty-middle-vulnerability-in-websphere-application-server-liberty-cve-2021-26296/
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-ibm-tivoli-monitoring-installed-websphere-application-server-2/
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/161484/Apache-MyFaces-2.x-Cross-Site-Request-Forgery.html
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-embedded-websphere-application-server-is-vulnerable-to-apache-myfaces-which-affects-content-collector-for-email/
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-myfaces-affects-liberty-for-java-for-ibm-cloud-cve-2021-26296-2/
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-websphere-application-server-liberty-affect-ibm-lks-administration-and-reporting-tool-and-its-agent/
受影响实体
暂无
补丁
暂无
还没有评论,来说两句吧...