4 matches found
Remote Code Execution Through Deserialization Attack
RichFaces is vulnerable to remote code execution through deserialization attacks. The ResourceBuilderImpl.java class in RichFaces does not restrict the classes which can be deserialized, allowing remote attackers to execute code...
CVE-2013-2165
ResourceBuilderImpl.java in the RichFaces 3.x through 5.x implementation in Red Hat JBoss Web Framework Kit before 2.3.0, Red Hat JBoss Web Platform through 5.2.0, Red Hat JBoss Enterprise Application Platform through 4.3.0 CP10 and 5.x through 5.2.0, Red Hat JBoss BRMS through 5.3.1, Red Hat JBo...
CVE-2013-2165
CVE-2013-2165 is a deserialization vulnerability in RichFaces implementations (3.x–5.x) across Red Hat JBoss components that does not restrict which classes’ deserialization methods can be invoked, allowing remote attackers to execute arbitrary code via crafted serialized data. Affected products ...
RichFaces: Remote code execution due to insecure deserialization
ResourceBuilderImpl.java in the RichFaces 3.x through 5.x implementation in Red Hat JBoss Web Framework Kit before 2.3.0, Red Hat JBoss Web Platform through 5.2.0, Red Hat JBoss Enterprise Application Platform through 4.3.0 CP10 and 5.x through 5.2.0, Red Hat JBoss BRMS through 5.3.1, Red Hat JBo...