The RichFaces Framework 3.X up to and including 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of Java serialized objects via org.ajax4jsf.resource.UserResource$UriData.
Vulnerable Product |
---|
redhat richfaces |
redhat enterprise linux 5.0 |
redhat enterprise linux 6.0 |