CVSSv2: 7.5

CVE-2013-2165

Published: 23/07/2013 Updated: 09/03/2020
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

ResourceBuilderImpl.java in the RichFaces 3.x up to and including 5.x implementation in Red Hat JBoss Web Framework Kit prior to 2.3.0, Red Hat JBoss Web Platform up to and including 5.2.0, Red Hat JBoss Enterprise Application Platform up to and including 4.3.0 CP10 and 5.x up to and including 5.2.0, Red Hat JBoss BRMS up to and including 5.3.1, Red Hat JBoss SOA Platform up to and including 4.3.0 CP05 and 5.x up to and including 5.3.1, Red Hat JBoss Portal up to and including 4.3 CP07 and 5.x up to and including 5.2.2, and Red Hat JBoss Operations Network up to and including 2.4.2 and 3.x up to and including 3.1.2 does not restrict the classes for which deserialization methods can be called, which allows remote malicious users to execute arbitrary code via crafted serialized data.

Affected Products

Vendor | Product | Versions
Redhat | Jboss Enterprise Application Platform | 4.3.0, 5.0.0, 5.0.1, 5.1.0, 5.1.1, 5.1.2, 5.2.0
Redhat | Jboss Enterprise Brms Platform | 5.0.0, 5.0.1, 5.0.2, 5.1.0, 5.2.0, 5.3.0, 5.3.1
Redhat | Jboss Enterprise Portal Platform | 4.3.0, 5.0.0, 5.0.1, 5.1.0, 5.1.1, 5.2.0, 5.2.1, 5.2.2
Redhat | Jboss Enterprise Soa Platform | 4.2.0, 4.3.0, 5.0.0, 5.0.1, 5.0.2, 5.1.0, 5.1.1, 5.2.0, 5.3.0, 5.3.1
Redhat | Jboss Enterprise Web Platform | 5.1.0, 5.1.1, 5.1.2, 5.2.0
Redhat | Jboss Operations Network | 1.0.0, 2.0.0, 2.0.1, 2.1.0, 2.2, 2.3, 2.3.1, 2.4, 2.4.1, 2.4.2, 3.0, 3.0.1, 3.1, 3.1.1, 3.1.2
Redhat | Jboss Web Framework Kit | 1.0.0, 1.1.0, 1.2.0, 2.0.0, 2.1.0, 2.2.0
Redhat | Richfaces | 3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.2.0, 3.2.1, 3.2.2, 3.3.0, 3.3.1, 3.3.2, 3.3.3, 4.0.0, 4.1.0, 4.2.0, 4.2.1, 4.2.2, 4.2.3, 4.3.0, 4.3.1, 4.5.0, 5.0.0

Vendor Advisories

ResourceBuilderImpl.java in the RichFaces 3.x through 5.x implementation in Red Hat JBoss Web Framework Kit before 2.3.0, Red Hat JBoss Web Platform through 5.2.0, Red Hat JBoss Enterprise Application Platform through 4.3.0 CP10 and 5.x through 5.2.0, Red Hat JBoss BRMS through 5.3.1, Red Hat JBoss SOA Platform through 4.3.0 CP05 and 5.x through 5 ...

Mailing Lists

Hi,

RichFaces 3
3.1.0 ≤ 3.3.3  CVE-2013-2165
3.1.0 ≤ 3.3.4  CVE-2018-12533
3.1.0 ≤ 3.3.4  CVE-2018-14667

RichFaces 4
4.0.0 ≤ 4.3.2  CVE-2013-2165
4.0.0 ≤ 4.5.4  CVE-2015-0279
4.5.3 ≤ 4.5.17 CVE-2018-12532

Regards,
Red Timmy Security

Sent through the Full Disclosure mailing ...

Github Repositories

My CTF Web Challenges. This is the repo of CTF challenges I made, including the source code, write-up and idea explanation! Hope you like it :) P.S. BTW, the Babyfirst series are my favorite of all the challenges. If you don't have time to see them all, please look at those at least! Babyfirst, Babyfirst Revenge, Babyfirst Revenge v2. You can contact me via: orange@chroot.org, blog.oran

The challenges are copied from github.com/orangetw/
Finished Dockerfile:
/hitcon-ctf-2017/babyfirst-revenge
/hitcon-ctf-2017/babyfirst-revenge-v2
/hitcon-ctf-2017/sql-so-hard
/hitcon-ctf-2017/ssrfme
/hitcon-ctf-2017/baby^h-master-php-2017
Finished Writeup (the README file in the folder):
/hitcon-ctf-2017/babyfirst-revenge
/hitcon-ctf-2017/babyfirst-revenge-v2
/hitcon-c

Exploitation toolkit for RichFaces