Описание
JBoss RichFaces 3.1.0 through 3.3.4 allows unauthenticated remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via a /DATA/ substring in a path with an org.richfaces.renderkit.html.Paint2DResource$ImageData object, aka RF-14310.
Ссылки
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 3.1.0 (включая) до 3.3.4 (включая)
cpe:2.3:a:redhat:richfaces:*:*:*:*:*:*:*:*
EPSS
Процентиль: 99%
0.75469
Высокий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-917
Связанные уязвимости
CVSS3: 9.8
redhat
больше 7 лет назад
JBoss RichFaces 3.1.0 through 3.3.4 allows unauthenticated remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via a /DATA/ substring in a path with an org.richfaces.renderkit.html.Paint2DResource$ImageData object, aka RF-14310.
CVSS3: 9.8
fstec
больше 7 лет назад
Уязвимость библиотеки RichFaces, связанная с ошибками управления генерацией кода, позволяющая нарушителю выполнить произвольный Java-код
EPSS
Процентиль: 99%
0.75469
Высокий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-917