Red Hat JBoss Enterprise Application Platform 5.2 is a platform for Java applications based on jbossas. This asynchronous patch is a security update for RichFaces and Apache CXF packages in Red Hat JBoss Enterprise Application Platform 5.2. Security Fix(es): * Injection of arbitrary EL expressions allows remote code execution via org.richfaces.renderkit.html.Paint2DResource. (CVE-2018-12533) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
RHEL 5 / 6 : JBoss EAP (RHSA-2018:2664)
(RHSA-2018:2664) Critical: Red Hat JBoss Enterprise Application Platform 5.2 security update
(RHSA-2018:2930) Important: Red Hat JBoss Operations Network 3.3.11 security and bug fix update
Arbitrary code execution in Richfaces