Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2013-2165

Опубликовано: 10 июл. 2013
Источник: redhat
CVSS2: 7.5
EPSS Средний

Описание

ResourceBuilderImpl.java in the RichFaces 3.x through 5.x implementation in Red Hat JBoss Web Framework Kit before 2.3.0, Red Hat JBoss Web Platform through 5.2.0, Red Hat JBoss Enterprise Application Platform through 4.3.0 CP10 and 5.x through 5.2.0, Red Hat JBoss BRMS through 5.3.1, Red Hat JBoss SOA Platform through 4.3.0 CP05 and 5.x through 5.3.1, Red Hat JBoss Portal through 4.3 CP07 and 5.x through 5.2.2, and Red Hat JBoss Operations Network through 2.4.2 and 3.x through 3.1.2 does not restrict the classes for which deserialization methods can be called, which allows remote attackers to execute arbitrary code via crafted serialized data.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat JBoss BRMS 5RichFacesAffected
Red Hat JBoss Enterprise Web Server 1eap-4.2Not affected
Red Hat JBoss Enterprise Web Server 1eap-4.3Affected
Red Hat JBoss Enterprise Web Server 1eap-5Affected
Red Hat JBoss Enterprise Web Server 1ewp-5Affected
Red Hat JBoss Enterprise Web Server 1othersNot affected
Red Hat JBoss Operations Network 2RichFacesAffected
Red Hat JBoss Operations Network 3.1RichFacesAffected
Red Hat JBoss Portal 4RichFacesAffected
Red Hat JBoss Portal 5RichFacesAffected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Critical
Дефект:
CWE-502
https://bugzilla.redhat.com/show_bug.cgi?id=973570RichFaces: Remote code execution due to insecure deserialization

EPSS

Процентиль: 96%
0.25714
Средний

7.5 High

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2013-2165

ubuntu
больше 12 лет назад

ResourceBuilderImpl.java in the RichFaces 3.x through 5.x implementation in Red Hat JBoss Web Framework Kit before 2.3.0, Red Hat JBoss Web Platform through 5.2.0, Red Hat JBoss Enterprise Application Platform through 4.3.0 CP10 and 5.x through 5.2.0, Red Hat JBoss BRMS through 5.3.1, Red Hat JBoss SOA Platform through 4.3.0 CP05 and 5.x through 5.3.1, Red Hat JBoss Portal through 4.3 CP07 and 5.x through 5.2.2, and Red Hat JBoss Operations Network through 2.4.2 and 3.x through 3.1.2 does not restrict the classes for which deserialization methods can be called, which allows remote attackers to execute arbitrary code via crafted serialized data.

nvd логотип

CVE-2013-2165

nvd
больше 12 лет назад

ResourceBuilderImpl.java in the RichFaces 3.x through 5.x implementation in Red Hat JBoss Web Framework Kit before 2.3.0, Red Hat JBoss Web Platform through 5.2.0, Red Hat JBoss Enterprise Application Platform through 4.3.0 CP10 and 5.x through 5.2.0, Red Hat JBoss BRMS through 5.3.1, Red Hat JBoss SOA Platform through 4.3.0 CP05 and 5.x through 5.3.1, Red Hat JBoss Portal through 4.3 CP07 and 5.x through 5.2.2, and Red Hat JBoss Operations Network through 2.4.2 and 3.x through 3.1.2 does not restrict the classes for which deserialization methods can be called, which allows remote attackers to execute arbitrary code via crafted serialized data.

debian логотип

CVE-2013-2165

debian
больше 12 лет назад

ResourceBuilderImpl.java in the RichFaces 3.x through 5.x implementati ...

github логотип

GHSA-4344-frcp-j22q

github
больше 3 лет назад

Remote code execution due to insecure deserialization

EPSS

Процентиль: 96%
0.25714
Средний

7.5 High

CVSS2