CVE-2013-2165

ResourceBuilderImpl.java in the RichFaces 3.x through 5.x implementation in Red Hat JBoss Web Framework Kit before 2.3.0, Red Hat JBoss Web Platform through 5.2.0, Red Hat JBoss Enterprise Application Platform through 4.3.0 CP10 and 5.x through 5.2.0, Red Hat JBoss BRMS through 5.3.1, Red Hat JBoss SOA Platform through 4.3.0 CP05 and 5.x through 5.3.1, Red Hat JBoss Portal through 4.3 CP07 and 5.x through 5.2.2, and Red Hat JBoss Operations Network through 2.4.2 and 3.x through 3.1.2 does not restrict the classes for which deserialization methods can be called, which allows remote attackers to execute arbitrary code via crafted serialized data.
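| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 7.5 UNKNOWN | NETWORK | LOW | | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| redhat | CNA | --- | | | | --- |
| CVE | ADP | --- | | | | --- |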
EPSS Score percentile: 96%
| Vendor | Product | Version |
|---|---|---|
| redhat | jboss_enterprise_application_platform | 4.3.0, 4.3.0:cp10, 5.0.0, 5.0.1, 5.1.0, 5.1.1, 5.1.2, 5.2.0 |
| redhat | jboss_enterprise_brms_platform | 5.0.0, 5.0.1, 5.0.2, 5.1.0, 5.2.0, 5.3.0, 5.3.1 |
| redhat | jboss_enterprise_portal_platform | 4.3.0:cp03, 4.3.0:cp04, 4.3.0:cp05, 4.3.0:cp06, 4.3.0:cp07, 5.0.0, 5.0.1, 5.1.0, 5.1.1, 5.2.0, 5.2.1, 5.2.2 |
| redhat | jboss_enterprise_soa_platform | 4.2.0, 4.2.0:cp01, 4.2.0:cp02, 4.2.0:cp03, 4.2.0:cp04, 4.2.0:cp05, 4.2.0:tp02, 4.3.0, 4.3.0:cp01, 4.3.0:cp02, 4.3.0:cp03, 4.3.0:cp04, 4.3.0:cp05, 5.0.0, 5.0.1, 5.0.2, 5.1.0, 5.1.1, 5.2.0, 5.3.0, 5.3.1 |
| redhat | jboss_enterprise_web_platform | 5.1.0, 5.1.1, 5.1.2, 5.2.0 |
| redhat | jboss_operations_network | 1.0.0, 2.0.0, 2.0.1, 2.1.0, 2.2, 2.3, 2.3.1, 2.4, 2.4.1, 2.4.2, 3.0, 3.0.1, 3.1, 3.1.1, 3.1.2 |
| redhat | jboss_web_framework_kit | 𝑥 ≤ 2.2.0, 1.0.0, 1.1.0, 1.2.0, 2.0.0, 2.1.0 |
| redhat | richfaces | 3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.2.0, 3.2.0:sr1, 3.2.1, 3.2.2, 3.3.0, 3.3.1, 3.3.2, 3.3.2:sr1, 3.3.3, 4.0.0, 4.1.0, 4.2.0, 4.2.1, 4.2.2, 4.2.3, 4.3.0, 4.3.1, 4.5.0:alpha1, 5.0.0:alpha1 |

𝑥 = Vulnerable software versions
Ubuntu Releases

| Ubuntu Product | Codename | Status |
|---|---|---|
| jbossas4 | raring | not-affected |
| jbossas4 | quantal | not-affected |
| jbossas4 | precise | not-affected |
| jbossas4 | lucid | not-affected |