oss-sec mailing list archives
Re: CVE-2016-5019: MyFaces Trinidad view state deserialization security vulnerability
From: Mike Kienenberger <mkienenb () gmail com>
Date: Thu, 29 Sep 2016 13:00:23 -0400
Clarification: The first line in this CVE was a copy&paste error during message composition and is not part of the CVE. This line can make it sound as if CVE-2016-5019 is only an information disclosure vulnerability rather than a deserialization attack vector. I apologize for the confusion.
Current thread:
- CVE-2016-5019: MyFaces Trinidad view state deserialization security vulnerability Mike Kienenberger (Sep 29)
- Re: CVE-2016-5019: MyFaces Trinidad view state deserialization security vulnerability Mike Kienenberger (Sep 29)