CVE-2018-12532

Published: 18/06/2018 Updated: 24/08/2020
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

JBoss RichFaces 4.5.3 up to and including 4.5.17 allows unauthenticated remote malicious users to inject an arbitrary expression language (EL) variable mapper and execute arbitrary Java code via a MediaOutputResource's resource request, aka RF-14309.

Vulnerable Product

redhat richfaces

Vendor Advisories

JBoss RichFaces 4.5.3 through 4.5.17 allows unauthenticated remote attackers to inject an arbitrary expression language (EL) variable mapper and execute arbitrary Java code via a MediaOutputResource's resource request, aka RF-14309 ...

Mailing Lists

Full Disclosure mailing list archives: RichFaces exploitation toolkit. From: Red Timmy Security <pub ...

Github Repositories

Cisco Umbrella Reporting: Use Cisco Umbrella's Reporting to monitor your Umbrella integration and gain a better understanding of your Umbrella usage. Gain insights into request activity and blocked activity, determining which of your identities are generating blocked requests. Reports help build actionable intelligence in addressing security threats including changes in usa