ID CVE-2018-12533
Summary JBoss RichFaces 3.1.0 through 3.3.4 allows unauthenticated remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via a /DATA/ substring in a path with an org.richfaces.renderkit.html.Paint2DResource$ImageData object, aka RF-14310.
References
Vulnerable Configurations
  • cpe:2.3:a:redhat:richfaces:3.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:richfaces:3.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:richfaces:3.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:richfaces:3.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:richfaces:3.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:richfaces:3.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:richfaces:3.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:richfaces:3.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:richfaces:3.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:richfaces:3.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:richfaces:3.1.5:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:richfaces:3.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:richfaces:3.1.6:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:richfaces:3.1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:richfaces:3.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:richfaces:3.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:richfaces:3.2.0:sr1:*:*:*:*:*:*
    cpe:2.3:a:redhat:richfaces:3.2.0:sr1:*:*:*:*:*:*
  • cpe:2.3:a:redhat:richfaces:3.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:richfaces:3.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:richfaces:3.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:richfaces:3.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:richfaces:3.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:richfaces:3.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:richfaces:3.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:richfaces:3.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:richfaces:3.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:richfaces:3.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:richfaces:3.3.2:sr1:*:*:*:*:*:*
    cpe:2.3:a:redhat:richfaces:3.3.2:sr1:*:*:*:*:*:*
  • cpe:2.3:a:redhat:richfaces:3.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:richfaces:3.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:richfaces:3.3.4:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:richfaces:3.3.4:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 24-08-2020 - 17:37)
Impact:
Exploitability:
CWE CWE-917
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
redhat via4
advisories
  • rhsa
    id RHSA-2018:2663
  • rhsa
    id RHSA-2018:2664
  • rhsa
    id RHSA-2018:2930
rpms
  • richfaces-0:3.3.1-4.SP3_patch_02.ep5.el6_10
  • richfaces-0:3.3.1-7.SP3_patch_02.ep5.el5
  • richfaces-cdk-0:3.3.1-7.SP3_patch_02.ep5.el5
  • richfaces-demo-0:3.3.1-4.SP3_patch_02.ep5.el6_10
  • richfaces-demo-0:3.3.1-7.SP3_patch_02.ep5.el5
  • richfaces-docs-0:3.3.1-7.SP3_patch_02.ep5.el5
  • richfaces-framework-0:3.3.1-4.SP3_patch_02.ep5.el6_10
  • richfaces-framework-0:3.3.1-7.SP3_patch_02.ep5.el5
  • richfaces-root-0:3.3.1-4.SP3_patch_02.ep5.el6_10
  • richfaces-root-0:3.3.1-7.SP3_patch_02.ep5.el5
  • richfaces-ui-0:3.3.1-4.SP3_patch_02.ep5.el6_10
  • richfaces-ui-0:3.3.1-7.SP3_patch_02.ep5.el5
refmap via4
bid 104502
fulldisc 20200313 RichFaces exploitation toolkit
misc https://codewhitesec.blogspot.com/2018/05/poor-richfaces.html
sectrack 1041617
Last major update 24-08-2020 - 17:37
Published 18-06-2018 - 12:29
Last modified 24-08-2020 - 17:37
Back to Top