3 matches found
RichFaces: Expression Language injection via UserResource allows for unauthenticated remote code execution
The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language EL injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of java serialized objects via org.ajax4jsf.resource.UserResource$UriData...
RichFaces: Expression Language injection via UserResource allows for unauthenticated remote code execution
The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language EL injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of java serialized objects via org.ajax4jsf.resource.UserResource$UriData...
PT-2018-12653 · Red Hat · Red Hat Jboss Richfaces Framework
Name of the Vulnerable Software and Affected Versions: Red Hat JBoss RichFaces Framework versions 3.X through 3.3.4 Description: The issue is related to Expression Language EL injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code...