CVE-2015-0279

Published: Mar 26, 2015

Modified: Aug 6, 2024

PUBLISHED

Description

JBoss RichFaces before 4.5.4 allows remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via the do parameter.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://bugzilla.redhat.com/show_bug.cgi?id=1192140

x_refsource_CONFIRM

RHSA-2015:0719

vendor-advisory

x_refsource_REDHAT

JVN#56297719

third-party-advisory

x_refsource_JVN

JVNDB-2015-001959

third-party-advisory

x_refsource_JVNDB

20190723 Tufin SecureChange uses Richfaces 4.3.5, vulnerable to CVE-2015-0279 (unauthenticated RCE)

mailing-list

x_refsource_FULLDISC

http://packetstormsecurity.com/files/153734/Tufin-Secure-Change-Remote-Code-Execution.html

x_refsource_MISC

http://packetstormsecurity.com/files/156663/Richsploit-RichFaces-Exploitation-Toolkit.html

x_refsource_MISC

20200313 RichFaces exploitation toolkit

mailing-list

x_refsource_FULLDISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2015-0279

Description

Affected Products

References