what you don't know can hurt you
Showing 1 - 6 of 6 RSS Feed

CVE-2013-2165

Status Candidate

Overview

ResourceBuilderImpl.java in the RichFaces 3.x through 5.x implementation in Red Hat JBoss Web Framework Kit before 2.3.0, Red Hat JBoss Web Platform through 5.2.0, Red Hat JBoss Enterprise Application Platform through 4.3.0 CP10 and 5.x through 5.2.0, Red Hat JBoss BRMS through 5.3.1, Red Hat JBoss SOA Platform through 4.3.0 CP05 and 5.x through 5.3.1, Red Hat JBoss Portal through 4.3 CP07 and 5.x through 5.2.2, and Red Hat JBoss Operations Network through 2.4.2 and 3.x through 3.1.2 does not restrict the classes for which deserialization methods can be called, which allows remote attackers to execute arbitrary code via crafted serialized data.

Related Files

Richsploit RichFaces Exploitation Toolkit
Posted Mar 9, 2020
Authored by redtimmysec

This tool can be used to exploit vulnerable versions of RichFaces. It has payloads for 4 vulnerabilities that have been identified, which can lead to remote code execution via java deserialization and EL injection.

tags | exploit, tool, java, remote, vulnerability, code execution
advisories | CVE-2013-2165, CVE-2015-0279, CVE-2018-14667
MD5 | dbe44bcd30e854ad24e9361d53b24ebb
Red Hat Security Advisory 2013-1044-01
Posted Jul 11, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1044-01 - The JBoss Seam 2 framework is an application framework for building web applications in Java. The RichFaces component is an open source framework that adds Ajax capability into existing JavaServer Faces applications. A flaw was found in the way RichFaces ResourceBuilderImpl handled deserialization. A remote attacker could use this flaw to trigger the execution of the deserialization methods in any serializable class deployed on the server. This could lead to a variety of security impacts depending on the deserialization logic of these classes.

tags | advisory, java, remote, web
systems | linux, redhat
advisories | CVE-2013-2165
MD5 | e1a05bd5bb3e669534dc0a77f05057dc
Red Hat Security Advisory 2013-1045-01
Posted Jul 11, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1045-01 - RichFaces is an open source framework that adds Ajax capability into existing JavaServer Faces applications. A flaw was found in the way RichFaces ResourceBuilderImpl handled deserialization. A remote attacker could use this flaw to trigger the execution of the deserialization methods in any serializable class deployed on the server. This could lead to a variety of security impacts depending on the deserialization logic of these classes. The fix for this issue introduces a whitelist to limit classes that can be deserialized by RichFaces.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2013-2165
MD5 | b4973913627f96bd69f25e551c472757
Red Hat Security Advisory 2013-1043-01
Posted Jul 11, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1043-01 - RichFaces is an open source framework that adds Ajax capability into existing JavaServer Faces applications. A flaw was found in the way RichFaces ResourceBuilderImpl handled deserialization. A remote attacker could use this flaw to trigger the execution of the deserialization methods in any serializable class deployed on the server. This could lead to a variety of security impacts depending on the deserialization logic of these classes. The fix for this issue introduces a whitelist to limit classes that can be deserialized by RichFaces.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2013-2165
MD5 | e56138e55a8afd95f94c2256481a8368
Red Hat Security Advisory 2013-1042-01
Posted Jul 11, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1042-01 - RichFaces is an open source framework that adds Ajax capability into existing JavaServer Faces applications. A flaw was found in the way RichFaces ResourceBuilderImpl handled deserialization. A remote attacker could use this flaw to trigger the execution of the deserialization methods in any serializable class deployed on the server. This could lead to a variety of security impacts depending on the deserialization logic of these classes. The fix for this issue introduces a whitelist to limit classes that can be deserialized by RichFaces.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2013-2165
MD5 | b54e988dc447e6311e74704b02f32e42
Red Hat Security Advisory 2013-1041-01
Posted Jul 10, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1041-01 - Red Hat JBoss Web Framework Kit combines popular open source web frameworks into a single solution for Java applications. This release serves as a replacement for Red Hat JBoss Web Framework Kit 2.2.0, and includes bug fixes and enhancements.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2013-2165
MD5 | 5081d41468f2b608f9bbf3f83583d5b7
Page 1 of 1
Back1Next

File Archive:

May 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    1 Files
  • 2
    May 2nd
    4 Files
  • 3
    May 3rd
    26 Files
  • 4
    May 4th
    17 Files
  • 5
    May 5th
    3 Files
  • 6
    May 6th
    32 Files
  • 7
    May 7th
    11 Files
  • 8
    May 8th
    2 Files
  • 9
    May 9th
    2 Files
  • 10
    May 10th
    13 Files
  • 11
    May 11th
    17 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    0 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    0 Files
  • 17
    May 17th
    0 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close