High severity7.5NVD Advisory· Published Aug 8, 2017· Updated Jun 16, 2026
CVE-2011-4343
CVE-2011-4343
Description
Information disclosure vulnerability in Apache MyFaces Core 2.0.1 through 2.0.10 and 2.1.0 through 2.1.4 allows remote attackers to inject EL expressions via crafted parameters.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.myfaces.core:myfaces-core-moduleMaven | >= 2.0.1, < 2.0.11 | 2.0.11 |
org.apache.myfaces.core:myfaces-core-moduleMaven | >= 2.1.0, < 2.1.5 | 2.1.5 |
Affected products
16cpe:2.3:a:apache:myfaces:2.0.1:*:*:*:*:*:*:*+ 14 more
- cpe:2.3:a:apache:myfaces:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:myfaces:2.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:apache:myfaces:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:myfaces:2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:apache:myfaces:2.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:apache:myfaces:2.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:apache:myfaces:2.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:apache:myfaces:2.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:apache:myfaces:2.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:apache:myfaces:2.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:apache:myfaces:2.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:myfaces:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:myfaces:2.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:myfaces:2.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:apache:myfaces:2.1.4:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
7- issues.apache.org/jira/secure/attachment/12504807/MYFACES-3405-1.patchnvdPatchVendor AdvisoryWEB
- marc.infonvdThird Party AdvisoryWEB
- github.com/advisories/GHSA-jq6g-p65r-44xrghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2011-4343ghsaADVISORY
- github.com/apache/myfaces/commit/a74b551b2ce6e88101ff453389a761f230e428a1ghsaWEB
- github.com/apache/myfaces/commit/caee86e71ab8c5f038186158e9955887ed72a0fdghsaWEB
- www.securitytracker.com/id/1039695nvd
News mentions
0No linked articles in our index yet.