CVE-2013-2165

Published: Jul 22, 2013

Modified: Aug 6, 2024

PUBLISHED

Description

ResourceBuilderImpl.java in the RichFaces 3.x through 5.x implementation in Red Hat JBoss Web Framework Kit before 2.3.0, Red Hat JBoss Web Platform through 5.2.0, Red Hat JBoss Enterprise Application Platform through 4.3.0 CP10 and 5.x through 5.2.0, Red Hat JBoss BRMS through 5.3.1, Red Hat JBoss SOA Platform through 4.3.0 CP05 and 5.x through 5.3.1, Red Hat JBoss Portal through 4.3 CP07 and 5.x through 5.2.2, and Red Hat JBoss Operations Network through 2.4.2 and 3.x through 3.1.2 does not restrict the classes for which deserialization methods can be called, which allows remote attackers to execute arbitrary code via crafted serialized data.

Vendor: n/a
Product: n/a
Versions: n/a (affected)

References

JVN#38787103 (third-party-advisory, x_refsource_JVN)
RHSA-2013:1045 (vendor-advisory, x_refsource_REDHAT)
RHSA-2013:1041 (vendor-advisory, x_refsource_REDHAT)
RHSA-2013:1043 (vendor-advisory, x_refsource_REDHAT)
RHSA-2013:1044 (vendor-advisory, x_refsource_REDHAT)
JVNDB-2013-000072 (third-party-advisory, x_refsource_JVNDB)
RHSA-2013:1042 (vendor-advisory, x_refsource_REDHAT)
20200313 RichFaces exploitation toolkit (mailing-list, x_refsource_FULLDISC)
