Описание
JBoss RichFaces before 4.5.4 allows remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via the do parameter.
JBoss RichFaces before 4.5.4 allows remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via the do parameter.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2015-0279
- https://bugzilla.redhat.com/show_bug.cgi?id=1192140
- http://jvn.jp/en/jp/JVN56297719/index.html
- http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-001959.html
- http://packetstormsecurity.com/files/153734/Tufin-Secure-Change-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/156663/Richsploit-RichFaces-Exploitation-Toolkit.html
- http://rhn.redhat.com/errata/RHSA-2015-0719.html
- http://seclists.org/fulldisclosure/2019/Jul/21
- http://seclists.org/fulldisclosure/2020/Mar/21
Связанные уязвимости
redhat
почти 11 лет назад
JBoss RichFaces before 4.5.4 allows remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via the do parameter.
nvd
почти 11 лет назад
JBoss RichFaces before 4.5.4 allows remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via the do parameter.