CVE-2013-2165

Published: 23/07/2013 Updated: 13/02/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 670
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

ResourceBuilderImpl.java in the RichFaces 3.x up to and including 5.x implementation in Red Hat JBoss Web Framework Kit prior to 2.3.0, Red Hat JBoss Web Platform up to and including 5.2.0, Red Hat JBoss Enterprise Application Platform up to and including 4.3.0 CP10 and 5.x up to and including 5.2.0, Red Hat JBoss BRMS up to and including 5.3.1, Red Hat JBoss SOA Platform up to and including 4.3.0 CP05 and 5.x up to and including 5.3.1, Red Hat JBoss Portal up to and including 4.3 CP07 and 5.x up to and including 5.2.2, and Red Hat JBoss Operations Network up to and including 2.4.2 and 3.x up to and including 3.1.2 does not restrict the classes for which deserialization methods can be called, which allows remote malicious users to execute arbitrary code via crafted serialized data.

Vulnerable Products

redhat jboss operations network 3.0

redhat richfaces 4.5.0

redhat richfaces 3.3.0

redhat jboss operations network 3.1

redhat jboss enterprise web platform 5.2.0

redhat jboss enterprise portal platform 4.3.0

redhat jboss enterprise soa platform 4.3.0

redhat jboss web framework kit 2.0.0

redhat jboss enterprise portal platform 5.2.2

redhat jboss enterprise application platform 4.3.0

redhat jboss enterprise soa platform 5.2.0

redhat jboss enterprise soa platform 4.2.0

redhat jboss enterprise portal platform 5.0.0

redhat jboss enterprise application platform 5.1.2

redhat richfaces 3.2.2

redhat jboss enterprise soa platform 5.0.2

redhat jboss enterprise soa platform 5.0.1

redhat jboss operations network 3.0.1

redhat jboss enterprise web platform 5.1.2

redhat richfaces 5.0.0

redhat jboss enterprise portal platform 5.1.1

redhat jboss web framework kit 1.0.0

redhat jboss enterprise portal platform 5.1.0

redhat jboss enterprise brms platform 5.3.1

redhat jboss operations network 3.1.2

redhat richfaces 3.3.3

redhat jboss operations network 2.4.2

redhat jboss operations network 2.3.1

redhat jboss web framework kit 1.2.0

redhat jboss operations network 2.4

redhat richfaces 3.1.4

redhat richfaces 4.2.3

redhat jboss enterprise portal platform 5.2.1

redhat jboss operations network 2.0.1

redhat jboss enterprise application platform 5.1.1

redhat richfaces 4.2.2

redhat jboss enterprise soa platform 5.1.0

redhat jboss operations network 1.0.0

redhat richfaces 4.1.0

redhat richfaces 3.1.5

redhat jboss enterprise application platform 5.0.1

redhat richfaces 3.1.1

redhat jboss web framework kit

redhat richfaces 3.2.1

redhat jboss operations network 2.1.0

redhat jboss operations network 2.3

redhat jboss enterprise web platform 5.1.0

redhat richfaces 3.3.2

redhat jboss web framework kit 1.1.0

redhat richfaces 3.1.6

redhat richfaces 3.3.1

redhat jboss enterprise brms platform 5.3.0

redhat jboss enterprise brms platform 5.0.0

redhat richfaces 4.2.0

redhat jboss enterprise portal platform 5.2.0

redhat jboss enterprise soa platform 5.1.1

redhat richfaces 4.0.0

redhat jboss enterprise application platform 5.1.0

redhat jboss enterprise brms platform 5.0.2

redhat jboss enterprise application platform 5.2.0

redhat jboss operations network 2.0.0

redhat richfaces 4.3.1

redhat richfaces 3.2.0

redhat richfaces 3.1.3

redhat jboss operations network 3.1.1

redhat richfaces 4.3.0

redhat jboss enterprise brms platform 5.1.0

redhat jboss operations network 2.2

redhat jboss operations network 2.4.1

redhat jboss enterprise web platform 5.1.1

redhat jboss web framework kit 2.1.0

redhat richfaces 3.1.0

redhat jboss enterprise soa platform 5.3.0

redhat richfaces 3.1.2

redhat richfaces 4.2.1

redhat jboss enterprise brms platform 5.0.1

redhat jboss enterprise soa platform 5.0.0

redhat jboss enterprise application platform 5.0.0

redhat jboss enterprise portal platform 5.0.1

redhat jboss enterprise brms platform 5.2.0

redhat jboss enterprise soa platform 5.3.1

Vendor Advisories

ResourceBuilderImpl.java in the RichFaces 3.x through 5.x implementation in Red Hat JBoss Web Framework Kit before 2.3.0, Red Hat JBoss Web Platform through 5.2.0, Red Hat JBoss Enterprise Application Platform through 4.3.0 CP10 and 5.x through 5.2.0, Red Hat JBoss BRMS through 5.3.1, Red Hat JBoss SOA Platform through 4.3.0 CP05 and 5.x through 5 ...

Mailing Lists

Full Disclosure mailing list archives: RichFaces exploitation toolkit. From: Red Timmy Security <pub ...

Github Repositories

Dockerfile for hitcon

The challenges are copied from github.com/orangetw/. Finished Dockerfile: /hitcon-ctf-2017/babyfirst-revenge, /hitcon-ctf-2017/babyfirst-revenge-v2, /hitcon-ctf-2017/sql-so-hard, /hitcon-ctf-2017/ssrfme, /hitcon-ctf-2017/baby^h-master-php-2017. Finished Writeup (the README file in the folder): /hitcon-ctf-2017/babyfirst-revenge, /hitcon-ctf-2017/babyfirst-revenge-v2, /hitcon-c

Collection of CTF Web challenges I made

My CTF Web Challenges: This is the repository of all CTF challenges I made, including the source code, write-up and idea explanation! Hope you like it :) P.S. BTW, the Babyfirst series and One Line PHP Challenge are my favorite challenges. If you haven't enough time, please look at them at least! Babyfirst, Babyfirst Revenge, Babyfirst Revenge v2, One Line PHP Challenge And yo

MatesCTF2018 WutFaces - A CTF challenge made by @TinT0 with my own solution

ctf-wutfaces-resources: MatesCTF2018 WutFaces - A CTF challenge made by @tint0 with my own solution. About: wutfaces-101-SNAPSHOT.war - war file for deploying to Tomcat (tested with Tomcat9 on Ubuntu 20.04.3); wutfaces-101-SNAPSHOT - Extracted from war file; src/BuildPayload.java - Program for generating payload, it generates 2 files, payload.bin and encodedPayload.txt; payloadb