Re: CVE-2016-5019: MyFaces Trinidad view state deserialization security vulnerability

2016-09-29 Thread Mike Kienenberger
Clarification: The first line in this CVE [1] was a copy error during message composition and is not part of the CVE. This line can make it sound as if CVE-2016-5019 is only an information disclosure vulnerability rather than a deserialization attack vector. I apologize for the confusion. On

[jira] [Commented] (TRINIDAD-2542) CVE-2016-5019: MyFaces Trinidad view state deserialization security vulnerability

2016-09-29 Thread Mike Kienenberger (JIRA)
ility" was a cut error. It should be "deserialization security vulnerability" -- I'll see what I can do to get that corrected. > CVE-2016-5019: MyFaces Trinidad view state deserialization se

[jira] [Commented] (TRINIDAD-2542) CVE-2016-5019: MyFaces Trinidad view state deserialization security vulnerability

2016-09-29 Thread Brian Martin (JIRA)
http://seclists.org/oss-sec/2016/q3/667 > CVE-2016-5019: MyFaces Trinidad view state deserialization security > vulnerability > - > > Key: TRINIDAD-2542 > URL: https://

[jira] [Commented] (TRINIDAD-2542) CVE-2016-5019: MyFaces Trinidad view state deserialization security vulnerability

2016-09-29 Thread Mike Kienenberger (JIRA)
will prevent certain well-known vectors of attack, but will not entirely resolve this issue. > CVE-2016-5019: MyFaces Trinidad view state deserialization security > vulnerability > - > > Key

[jira] [Resolved] (TRINIDAD-2542) CVE-2016-5019: MyFaces Trinidad view state deserialization security vulnerability

2016-09-29 Thread Mike Kienenberger (JIRA)
-core 2.0.2-core 1.2.15-core > CVE-2016-5019: MyFaces Trinidad view state deserialization security > vulnerability > - > > Key: TRINIDAD-2542 >

CVE-2016-5019: MyFaces Trinidad view state deserialization security vulnerability

2016-09-29 Thread Mike Kienenberger
CVE-2016-5019 Apache MyFaces Trinidad information disclosure vulnerability
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
Trinidad from 1.0.0 to 1.0.13
Trinidad from 1.2.1 to 1.2.14
Trinidad from 2.0.0 to 2.0.1
Trinidad from 2.1.0 to 2.1.1
Description: