Lucene search

K
RedhatRichfaces

6 matches found

CVE
CVE
added 2018/11/06 10:29 p.m.391 views

CVE-2018-14667

The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of java serialized objects via org.ajax4jsf.resource.UserResource$UriData.

9.8CVSS9.7AI score0.87939EPSS
In wildWeb
CVE
CVE
added 2013/07/23 11:3 a.m.155 views

CVE-2013-2165

ResourceBuilderImpl.java in the RichFaces 3.x through 5.x implementation in Red Hat JBoss Web Framework Kit before 2.3.0, Red Hat JBoss Web Platform through 5.2.0, Red Hat JBoss Enterprise Application Platform through 4.3.0 CP10 and 5.x through 5.2.0, Red Hat JBoss BRMS through 5.3.1, Red Hat JBoss...

7.5CVSS9.6AI score0.1429EPSS
CVE
CVE
added 2018/06/18 12:29 p.m.108 views

CVE-2018-12533

JBoss RichFaces 3.1.0 through 3.3.4 allows unauthenticated remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via a /DATA/ substring in a path with an org.richfaces.renderkit.html.Paint2DResource$ImageData object, aka RF-14310.

9.8CVSS9.6AI score0.73981EPSS
CVE
CVE
added 2015/03/26 2:59 p.m.102 views

CVE-2015-0279

JBoss RichFaces before 4.5.4 allows remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via the do parameter.

6.8CVSS9.6AI score0.02367EPSS
Web
CVE
CVE
added 2018/06/18 12:29 p.m.90 views

CVE-2018-12532

JBoss RichFaces 4.5.3 through 4.5.17 allows unauthenticated remote attackers to inject an arbitrary expression language (EL) variable mapper and execute arbitrary Java code via a MediaOutputResource's resource request, aka RF-14309.

9.8CVSS9.6AI score0.01306EPSS
CVE
CVE
added 2014/03/31 2:58 p.m.84 views

CVE-2014-0086

The doFilter function in webapp/PushHandlerFilter.java in JBoss RichFaces 4.3.4, 4.3.5, and 5.x allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a large number of malformed atmosphere push requests.

4.3CVSS8.8AI score0.0064EPSS