CVE-2015-0279

Опубликовано: 26 мар. 2015

Источник: nvd

CVSS2: 6.8

EPSS Низкий

Описание

JBoss RichFaces before 4.5.4 allows remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via the do parameter.

Ссылки

http://jvn.jp/en/jp/JVN56297719/index.html
Third Party Advisory
VDB Entry
http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-001959.html
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/153734/Tufin-Secure-Change-Remote-Code-Execution.html
http://packetstormsecurity.com/files/156663/Richsploit-RichFaces-Exploitation-Toolkit.html
http://rhn.redhat.com/errata/RHSA-2015-0719.html
Broken Link
Vendor Advisory
http://seclists.org/fulldisclosure/2019/Jul/21
http://seclists.org/fulldisclosure/2020/Mar/21
https://bugzilla.redhat.com/show_bug.cgi?id=1192140
Issue Tracking
Vendor Advisory
http://jvn.jp/en/jp/JVN56297719/index.html
Third Party Advisory
VDB Entry
http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-001959.html
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/153734/Tufin-Secure-Change-Remote-Code-Execution.html
http://packetstormsecurity.com/files/156663/Richsploit-RichFaces-Exploitation-Toolkit.html
http://rhn.redhat.com/errata/RHSA-2015-0719.html
Broken Link
Vendor Advisory
http://seclists.org/fulldisclosure/2019/Jul/21
http://seclists.org/fulldisclosure/2020/Mar/21
https://bugzilla.redhat.com/show_bug.cgi?id=1192140
Issue Tracking
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:redhat:richfaces:*:*:*:*:*:*:*:*

Версия от 4.0.0 (включая) до 4.5.4 (включая)

EPSS

Процентиль: 91%

0.06506

Низкий

6.8 Medium

CVSS2

Дефекты

CWE-94

Связанные уязвимости

CVE-2015-0279

redhat

почти 11 лет назад

JBoss RichFaces before 4.5.4 allows remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via the do parameter.

GHSA-8cc3-p77g-5pcc

github

больше 3 лет назад

JBoss RichFaces before 4.5.4 allows remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via the do parameter.

EPSS

Процентиль: 91%

0.06506

Низкий

6.8 Medium

CVSS2

Дефекты

CWE-94