CVE-2013-2165

ResourceBuilderImpl.java in RichFaces 3.x through 5.x does not restrict the classes for which deserialization methods can be called. Because the serialized data it deserializes is attacker-controlled, a remote attacker can supply a crafted serialized object graph that instantiates classes of their choosing on the server and execute arbitrary code, without authenticating first. The affected RichFaces code ships in the following Red Hat products: JBoss Web Framework Kit before 2.3.0; JBoss Web Platform through 5.2.0; JBoss Enterprise Application Platform through 4.3.0 CP10 and 5.x through 5.2.0; JBoss BRMS through 5.3.1; JBoss SOA Platform through 4.3.0 CP05 and 5.x through 5.3.1; JBoss Portal through 4.3 CP07 and 5.x through 5.2.2; and JBoss Operations Network through 2.4.2 and 3.x through 3.1.2.

Find out more about CVE-2013-2165 from the MITRE CVE dictionary and NIST NVD.
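The weakness described above is the generic unrestricted-deserialization pattern: ObjectInputStream.readObject() is called on bytes a remote client controls, so any Serializable class on the server's classpath can be instantiated and its deserialization hooks (readObject, readResolve and so on) run. The following added example, written for this page and not taken from RichFaces or from the Red Hat fix, shows that vulnerable pattern next to one common hardening, an ObjectInputStream subclass whose resolveClass() rejects every class outside a fixed allowlist. The class names DeserializationDemo, AllowlistObjectInputStream and NotExpected, and the allowlist contents, are assumptions made for the illustration; NotExpected is a harmless stand-in for whatever class an attacker would actually choose.

```java
import java.io.*;
import java.util.*;

/**
 * Added illustration for CVE-2013-2165-style deserialization flaws. Not RichFaces code.
 * unsafeDecode() is the vulnerable pattern; safeDecode() restricts which classes may be resolved.
 */
public class DeserializationDemo {

    /** Vulnerable: deserialize whatever the caller sent, so any Serializable class is reachable. */
    static Object unsafeDecode(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            return in.readObject();
        }
    }

    /**
     * Hardened: resolveClass() is consulted for every class descriptor in the stream,
     * including superclasses, so rejecting unknown names here stops the object from being
     * constructed at all. The allowlist below is an assumed example, not a recommendation.
     */
    static final class AllowlistObjectInputStream extends ObjectInputStream {
        private static final Set<String> ALLOWED = new HashSet<>(Arrays.asList(
                "java.lang.Integer", "java.lang.Number",   // Integer's descriptor drags in Number
                "java.util.HashMap"));                      // Strings are written inline, not via a class descriptor

        AllowlistObjectInputStream(InputStream in) throws IOException {
            super(in);
        }

        @Override
        protected Class<?> resolveClass(ObjectStreamClass desc) throws IOException, ClassNotFoundException {
            if (!ALLOWED.contains(desc.getName())) {
                // InvalidClassException is an IOException, so it propagates straight out of readObject().
                throw new InvalidClassException("Unauthorized deserialization attempt", desc.getName());
            }
            return super.resolveClass(desc);
        }
    }

    static Object safeDecode(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new AllowlistObjectInputStream(new ByteArrayInputStream(data))) {
            return in.readObject();
        }
    }

    /** Helper to build the constructed sample inputs used in main(). */
    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) {
            out.writeObject(o);
        }
        return bos.toByteArray();
    }

    /** Harmless stand-in for an attacker-chosen class; a real attack would use a gadget class from a library. */
    static class NotExpected implements Serializable {
        private static final long serialVersionUID = 1L;
        int x = 1;
    }

    public static void main(String[] args) throws Exception {
        // Constructed inputs: one the application expects, one it never should accept.
        byte[] benign = serialize(new HashMap<>(Collections.singletonMap("key", 42)));
        byte[] hostile = serialize(new NotExpected());

        System.out.println("unsafe, benign:  " + unsafeDecode(benign));
        System.out.println("unsafe, hostile: " + unsafeDecode(hostile).getClass()); // accepted: any class goes
        System.out.println("safe,   benign:  " + safeDecode(benign));
        try {
            safeDecode(hostile);
        } catch (InvalidClassException e) {
            System.out.println("safe,   hostile: rejected " + e.classname);
        }
    }
}
```

The allowlist must name every class the expected object graph contains, superclasses included, which is why java.lang.Number appears alongside java.lang.Integer; a denylist of known gadget classes is not an adequate substitute, since new gadget chains keep being found. On JDK 9 and later (and on 8u121 and later) the same control is available without subclassing through ObjectInputFilter and the jdk.serialFilter property, which also let you cap stream depth and array sizes; the subclass approach shown here is what was available to the Java 5 and 6 era platforms listed on this page.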

CVSS v2 metrics

Base Score 7.5
Base Metrics AV:N/AC:L/Au:N/C:P/I:P/A:P
Access Vector Network
Access Complexity Low
Authentication None
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact Partial

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Errata, release date and the platforms each one covers (component in parentheses where the erratum updates a single package):

RHSA-2013:1041, released 2013-07-10
  Red Hat JBoss Web Framework Kit 2.3

RHSA-2013:1042, released 2013-07-10 (richfaces)
  Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 AS
  Red Hat JBoss Enterprise Application Platform 5 for RHEL 5 Server
  Red Hat JBoss Enterprise Application Platform 5 for RHEL 6 Server

RHSA-2013:1043, released 2013-07-10 (richfaces)
  Red Hat JBoss Web Platform 5 for RHEL 4 AS
  Red Hat JBoss Web Platform 5 for RHEL 5 Server
  Red Hat JBoss Web Platform 5 for RHEL 6 Server

RHSA-2013:1044, released 2013-07-11 (jboss-seam2)
  Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS
  Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server

RHSA-2013:1045, released 2013-07-11
  Red Hat JBoss Enterprise Application Platform 4.3
  Red Hat JBoss Enterprise Application Platform 5.2
  Red Hat JBoss Web Platform 5.2
  Red Hat JBoss Operations Network 2.4
  Red Hat JBoss Operations Network 3.1
  Red Hat JBoss Portal 4.3
  Red Hat JBoss Portal 5.2
  Red Hat JBoss SOA Platform 4.3
  Red Hat JBoss SOA Platform 5.3
  JBoss Enterprise BRMS Platform 5.3

Acknowledgements

Red Hat would like to thank Takeshi Terada (Mitsui Bussan Secure Directions, Inc.) for reporting this issue.