
Arbitrary code execution in RichFaces

Description

JBoss RichFaces 3.1.0 through 3.3.4 allows unauthenticated remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via a /DATA/ substring in a path with an org.richfaces.renderkit.html.Paint2DResource$ImageData object, aka RF-14310.


Affected Software


| CPE Name | Name | Version |
|---|---|---|
| | org.richfaces:richfaces-core | 3.1.0 |
| | org.richfaces:richfaces-core | 3.3.4 |
