You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
SEC Consult is a leading consulting company for information security. During
a short security crash test we have found a high-level security vulnerability
within Oracle Mojarra JSF v2.2.
The encrypted security advisory with proof of concept information is
attached. I have also attached my public PGP and S/MIME keys for further
encrypted communication. Please provide us with an estimate on when the
vulnerability will be fixed in order to set the actual release date. Please
keep us informed if there are any changes.
Please also see our attached responsible disclosure policy (PDF) which
defines the process of publication of the security advisory. The security
advisory will be released according to the chapter 5.3, phase 3 "Public
disclosure", the latest possible release date is 50 days from now: 2019-01-11
Keep in mind that we can't give any other free support besides providing the
security advisory information.
Best regards,
Jean-Benjamin Rousseau
Security Consultant
The text was updated successfully, but these errors were encountered:
This is a security bug. Please fix it in accordance with:
Http://security.us.oracle.com/doku.php?id=gps:resource:process:bugfix
Dear Oracle team,
SEC Consult is a leading consulting company for information security. During
a short security crash test we have found a high-level security vulnerability
within Oracle Mojarra JSF v2.2.
The encrypted security advisory with proof of concept information is
attached. I have also attached my public PGP and S/MIME keys for further
encrypted communication. Please provide us with an estimate on when the
vulnerability will be fixed in order to set the actual release date. Please
keep us informed if there are any changes.
Please also see our attached responsible disclosure policy (PDF) which
defines the process of publication of the security advisory. The security
advisory will be released according to the chapter 5.3, phase 3 "Public
disclosure", the latest possible release date is 50 days from now: 2019-01-11
Keep in mind that we can't give any other free support besides providing the
security advisory information.
Best regards,
Jean-Benjamin Rousseau
Security Consultant
The text was updated successfully, but these errors were encountered: