CVE-2013-5855

{"id": "CVE-2013-5855", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2014-07-17T05:10:13.937", "references": [{"url": "http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/JSF-outputText-tag-the-good-the-bad-and-the-ugly/ba-p/6368011#.U8ccVPlXZHU", "source": "secalert_us@oracle.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html", "source": "secalert_us@oracle.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html", "source": "secalert_us@oracle.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html", "source": "secalert_us@oracle.com"}, {"url": "http://seclists.org/fulldisclosure/2014/Dec/23", "source": "secalert_us@oracle.com"}, {"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", "source": "secalert_us@oracle.com"}, {"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", "tags": ["Vendor Advisory"], "source": "secalert_us@oracle.com"}, {"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded", "source": "secalert_us@oracle.com"}, {"url": "http://www.securityfocus.com/bid/65600", "source": "secalert_us@oracle.com"}, {"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", "source": "secalert_us@oracle.com"}, {"url": "https://java.net/jira/browse/JAVASERVERFACES-3150", "source": "secalert_us@oracle.com"}, {"url": "https://java.net/jira/browse/JAVASERVERFACES_SPEC_PUBLIC-1258", "source": "secalert_us@oracle.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Oracle Mojarra 2.2.x before 2.2.6 and 2.1.x before 2.1.28 does not perform appropriate encoding when a (1) <h:outputText> tag or (2) EL expression is used after a scriptor style block, which allows remote attackers to conduct cross-site scripting (XSS) attacks via application-specific vectors."}, {"lang": "es", "value": "Oracle Mojarra 2.2.x anterior a 2.2.6 y 2.1.x anterior a 2.1.28 no realiza la codificaci\u00f3n debida cuando se utilice (1) una etiqueta o (2) una expresi\u00f3n EL despu\u00e9s de un bloque del estilo scriptor, lo que permite a atacantes remotos realizar ataques de XSS a trav\u00e9s de vectores espec\u00edficos de una aplicaci\u00f3n."}], "lastModified": "2018-10-09T19:34:38.157", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:mojarra:2.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D545A6A-CA1E-40F4-AFEF-8A22F1963959"}, {"criteria": "cpe:2.3:a:oracle:mojarra:2.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F9ED4467-18CC-4710-8343-0B5D3F1E0E8E"}, {"criteria": "cpe:2.3:a:oracle:mojarra:2.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2629C89A-14F7-4642-ABC7-17428751563B"}, {"criteria": "cpe:2.3:a:oracle:mojarra:2.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0C44BE8D-C99C-45B7-BE72-5B4587F11DD5"}, {"criteria": "cpe:2.3:a:oracle:mojarra:2.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2BE4C509-061C-49FF-99CA-848EF82F0FFA"}, {"criteria": "cpe:2.3:a:oracle:mojarra:2.1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "283ECF0D-ED11-4D5C-8995-E93785CD1886"}, {"criteria": "cpe:2.3:a:oracle:mojarra:2.1.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8F8F944C-42A2-4E4D-AB97-3800FE7BA086"}, {"criteria": "cpe:2.3:a:oracle:mojarra:2.1.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C4FC9BF2-44D9-4514-950D-84E75E27C9BA"}, {"criteria": "cpe:2.3:a:oracle:mojarra:2.1.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D1ADC8E6-C052-4A4E-B840-4DF68CEFE409"}, {"criteria": "cpe:2.3:a:oracle:mojarra:2.1.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D2C62BDE-8BF2-4389-9511-BF8B54BF0E2E"}, {"criteria": "cpe:2.3:a:oracle:mojarra:2.1.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D3AB62D2-3836-43A9-8209-ECC01298DDF7"}, {"criteria": "cpe:2.3:a:oracle:mojarra:2.1.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CCC9D019-DE8F-4431-A79A-AD3507F993AA"}, {"criteria": "cpe:2.3:a:oracle:mojarra:2.1.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6E9DEC24-5347-4A2D-A705-74AEFFF0BB59"}, {"criteria": "cpe:2.3:a:oracle:mojarra:2.1.13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3865ED07-C221-4A83-8048-747A030E163F"}, {"criteria": "cpe:2.3:a:oracle:mojarra:2.1.14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "06463192-2C6E-4059-9D56-B3C7D56616A1"}, {"criteria": "cpe:2.3:a:oracle:mojarra:2.1.15:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "19A02DAC-B2D0-4043-A9C5-0297D555B79E"}, {"criteria": "cpe:2.3:a:oracle:mojarra:2.1.16:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3308CD3A-7D58-4251-85E4-AE16552CA850"}, {"criteria": "cpe:2.3:a:oracle:mojarra:2.1.17:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6460D8F1-762C-4703-B32F-2D3AF3075609"}, {"criteria": "cpe:2.3:a:oracle:mojarra:2.1.18:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8F53DF75-0B83-4260-9F1C-9131FDAEC751"}, {"criteria": "cpe:2.3:a:oracle:mojarra:2.1.19:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B2E4A67F-0E82-4C15-8A07-5FA58EA6C43E"}, {"criteria": "cpe:2.3:a:oracle:mojarra:2.1.20:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "56A24C0C-13B2-4E8F-8677-B43D0E81459F"}, {"criteria": "cpe:2.3:a:oracle:mojarra:2.1.21:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "656F4F63-5818-45DB-B616-3A82627CBE0C"}, {"criteria": "cpe:2.3:a:oracle:mojarra:2.1.22:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AA2C9A44-4977-4D8F-8713-4B8CD08C9C0C"}, {"criteria": "cpe:2.3:a:oracle:mojarra:2.1.23:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "970027E5-EC84-4C9F-BB48-0EEDF9C84A1C"}, {"criteria": "cpe:2.3:a:oracle:mojarra:2.1.24:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B78471D0-5C90-479F-9318-ACF4CC0CF44B"}, {"criteria": "cpe:2.3:a:oracle:mojarra:2.1.25:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "88338F11-4E7D-451D-A265-0EFED5230CCF"}, {"criteria": "cpe:2.3:a:oracle:mojarra:2.1.26:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A5BC2BE1-4500-4ABA-A9BF-E84D433C9644"}, {"criteria": "cpe:2.3:a:oracle:mojarra:2.1.27:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7DF0069D-EA77-476A-8D74-77D29221391C"}, {"criteria": "cpe:2.3:a:oracle:mojarra:2.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D53E07D9-826D-4CCB-BFD0-345F3AB669C3"}, {"criteria": "cpe:2.3:a:oracle:mojarra:2.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A506B90E-C4BE-4A16-901E-5D21AAE4FFD2"}, {"criteria": "cpe:2.3:a:oracle:mojarra:2.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "945AF3FF-57F8-434C-8B2C-753E9E791A0D"}, {"criteria": "cpe:2.3:a:oracle:mojarra:2.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9AC60987-2D5B-44A6-BB4B-4E34B095C4C7"}, {"criteria": "cpe:2.3:a:oracle:mojarra:2.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FC5653BF-E8E4-4844-BFBD-9275DF072173"}, {"criteria": "cpe:2.3:a:oracle:mojarra:2.2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2CD86AF0-3DA1-4A1C-BFAC-1A0ED1B76CDB"}], "operator": "OR"}]}], "sourceIdentifier": "secalert_us@oracle.com"}