Published: 18/06/2018 Updated: 24/08/2020

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

JBoss RichFaces 3.1.0 up to and including 3.3.4 allows unauthenticated remote malicious users to inject expression language (EL) expressions and execute arbitrary Java code via a /DATA/ substring in a path with an org.richfaces.renderkit.html.Paint2DResource$ImageData object, aka RF-14310.

Vulnerable Product	Search on Vulmon	Subscribe to Product
redhat richfaces

Synopsis Critical: Red Hat JBoss Enterprise Application Platform 52 security update Type/Severity Security Advisory: Critical Topic A security update is now available for Red Hat JBoss Enterprise ApplicationPlatform from the Customer PortalRed Hat Product Security has rated this update as having a securit ...

Synopsis Important: Red Hat JBoss Operations Network 3311 security and bug fix update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Operations NetworkRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerabi ...

JBoss RichFaces 310 through 334 allows unauthenticated remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via a /DATA/ substring in a path with an orgrichfacesrenderkithtmlPaint2DResource$ImageData object, aka RF-14310 ...

Full Disclosure mailing list archives   By Date By Thread </form>    RichFaces exploitation toolkit   From: Red Timmy Security <pub ...

RF-14310 / CVE-2018-12533 - Payload generator

RF-14310 / CVE-2018-12533 payload generator Based on Lucifaer research All credit goes to githubcom/Lucifaer References accessredhatcom/security/cve/cve-2018-12533 richfaces-jboss-poc Easy to deploy proof of concept to practice Richfaces 334 deserialization + EL injection exploitation, without having to worry too much about old Java versions etc Deploy jbo

The original richfaces-impl.3.3.4.Final, but with all the whitelisted classes removed from resource-serialization.properties

richfaces-impl-patched The original richfaces-impl334Final, but with all the whitelisted classes removed from resource-serializationproperties Several vulnerabilities (such as CVE-2018-12533 and CVE-2018-14667) are based on the fact that under certain circumstances RichFaces deserializes classes based on a whitelist, which is defined in a file called resource-serialization

CVE-2018-12533 Credits to wwwlucifaercom/2018/12/05/RF-14310%EF%BC%88CVE-2018-12533%EF%BC%89%E5%88%86%E6%9E%90/

CWE-917 https://codewhitesec.blogspot.com/2018/05/poor-richfaces.html http://www.securityfocus.com/bid/104502 https://access.redhat.com/errata/RHSA-2018:2664 https://access.redhat.com/errata/RHSA-2018:2663 http://www.securitytracker.com/id/1041617 https://access.redhat.com/errata/RHSA-2018:2930 http://seclists.org/fulldisclosure/2020/Mar/21 https://access.redhat.com/errata/RHSA-2018:2664 https://nvd.nist.gov https://github.com/TheKalin/CVE-2018-12533

CVE-2018-12533

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Mailing Lists

Github Repositories

References

Vulmon Search

About

Products

Connect