{"vulnerability": "CVE-2021-26296", "sightings": [{"uuid": "00dde3d6-cd5e-4835-85d4-2e2855f76e52", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-26296", "type": "seen", "source": "https://t.me/cibsecurity/23846", "content": "\u203c CVE-2021-26296 \u203c\n\nIn the default configuration, Apache MyFaces Core versions 2.2.0 to 2.2.13, 2.3.0 to 2.3.7, 2.3-next-M1 to 2.3-next-M4, and 3.0.0-RC1 use cryptographically weak implicit and explicit cross-site request forgery (CSRF) tokens. Due to that limitation, it is possible (although difficult) for an attacker to calculate a future CSRF token value and to use that value to trick a user into executing unwanted actions on an application.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-19T12:51:07.000000Z"}, {"uuid": "ccaf2fc1-f341-4ebc-ba31-8546e650fd83", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-26296", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/2746", "content": "#exploit\n1. CVE-2021-26296:\nCross-Site Request Forgery in Apache MyFaces JSF Framework\nhttps://seclists.org/fulldisclosure/2021/Feb/66\n\n2. CVE-2021-21042:\nGetting Information Disclosure in Adobe Reader Through the ID Tag\nhttps://www.thezdi.com/blog/2021/2/17/zdi-21-171-getting-information-disclosure-in-adobe-reader-through-the-id-tag", "creation_timestamp": "2024-10-09T19:07:11.000000Z"}, {"uuid": "9e883c89-dbad-4fb4-995b-ce06c852c0bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-26296", "type": "seen", "source": "https://t.me/pwnwiki_zhchannel/537", "content": "CVE-2021-26296 Apache MyFaces 2.x \u8de8\u7ad9\u8acb\u6c42\u507d\u9020\u6f0f\u6d1e\nhttps://www.pwnwiki.org/index.php?title=CVE-2021-26296_Apache_MyFaces_2.x_%E8%B7%A8%E7%AB%99%E8%AB%8B%E6%B1%82%E5%81%BD%E9%80%A0%E6%BC%8F%E6%B4%9E", "creation_timestamp": "2021-05-30T02:49:58.000000Z"}]}