JBoss RichFaces prior to 4.5.4 allows remote malicious users to inject expression language (EL) expressions and execute arbitrary Java code via the do parameter.
It was found that the 'do' parameter permitted expression language (EL) injection, which could allow a remote attacker to execute Java methods on an affected server ...
<!--X-Body-Begin-->
<!--X-User-Header-->
Full Disclosure
mailing list archives
<!--X-User-Header-End-->
<!--X-TopPNI-->
By Date
By Thread
</form>
<!--X-TopPNI-End-->
<!--X-MsgBody-->
<!--X-Subject-Header-Begin-->
RichFaces exploitation toolkit
<!--X-Subject-Header-End-->
<!--X-Head-of-Message-->
From: Red Timmy Security <pub ...
<!--X-Body-Begin-->
<!--X-User-Header-->
Full Disclosure
mailing list archives
<!--X-User-Header-End-->
<!--X-TopPNI-->
By Date
By Thread
</form>
<!--X-TopPNI-End-->
<!--X-MsgBody-->
<!--X-Subject-Header-Begin-->
Tufin SecureChange uses Richfaces 435, vulnerable to CVE-2015-0279 (unauthenticated RCE)
<!--X-Subject-Header-End--> ...
Cisco Umbrella Reporting
Use Cisco Umbrella's Reporting to monitor your Umbrella integration and gain a better understanding of your Umbrella usage Gain insights into request activity and blocked activity, determining which of your identities are generating blocked requests Reports help build actionable intelligence in addressing security threats including changes in usa