7.5

CVE-2013-2165

EPSS 25.71%
Published 23.07.2013 11:03:11
Last modified 11.04.2025 00:51:21
Source secalert@redhat.com
Teams watchlist Login
Open Login

ResourceBuilderImpl.java in the RichFaces 3.x through 5.x implementation in Red Hat JBoss Web Framework Kit before 2.3.0, Red Hat JBoss Web Platform through 5.2.0, Red Hat JBoss Enterprise Application Platform through 4.3.0 CP10 and 5.x through 5.2.0, Red Hat JBoss BRMS through 5.3.1, Red Hat JBoss SOA Platform through 4.3.0 CP05 and 5.x through 5.3.1, Red Hat JBoss Portal through 4.3 CP07 and 5.x through 5.2.2, and Red Hat JBoss Operations Network through 2.4.2 and 3.x through 3.1.2 does not restrict the classes for which deserialization methods can be called, which allows remote attackers to execute arbitrary code via crafted serialized data.

Affected products Warnungen 0 Metrics 2 CWE 0 References 14

Data is provided by the National Vulnerability Database (NVD)

Redhat ≫ Jboss Enterprise Application Platform Version4.3.0

Redhat ≫ Jboss Enterprise Application Platform Version4.3.0 Updatecp10

Redhat ≫ Jboss Enterprise Application Platform Version5.0.0

Redhat ≫ Jboss Enterprise Application Platform Version5.0.1

Redhat ≫ Jboss Enterprise Application Platform Version5.1.0

Redhat ≫ Jboss Enterprise Application Platform Version5.1.1

Redhat ≫ Jboss Enterprise Application Platform Version5.1.2

Redhat ≫ Jboss Enterprise Application Platform Version5.2.0

Redhat ≫ Jboss Enterprise Brms Platform Version5.0.0

Redhat ≫ Jboss Enterprise Brms Platform Version5.0.1

Redhat ≫ Jboss Enterprise Brms Platform Version5.0.2

Redhat ≫ Jboss Enterprise Brms Platform Version5.1.0

Redhat ≫ Jboss Enterprise Brms Platform Version5.2.0

Redhat ≫ Jboss Enterprise Brms Platform Version5.3.0

Redhat ≫ Jboss Enterprise Brms Platform Version5.3.1

Redhat ≫ Jboss Enterprise Portal Platform Version4.3.0 Updatecp03

Redhat ≫ Jboss Enterprise Portal Platform Version4.3.0 Updatecp04

Redhat ≫ Jboss Enterprise Portal Platform Version4.3.0 Updatecp05

Redhat ≫ Jboss Enterprise Portal Platform Version4.3.0 Updatecp06

Redhat ≫ Jboss Enterprise Portal Platform Version4.3.0 Updatecp07

Redhat ≫ Jboss Enterprise Portal Platform Version5.0.0

Redhat ≫ Jboss Enterprise Portal Platform Version5.0.1

Redhat ≫ Jboss Enterprise Portal Platform Version5.1.0

Redhat ≫ Jboss Enterprise Portal Platform Version5.1.1

Redhat ≫ Jboss Enterprise Portal Platform Version5.2.0

Redhat ≫ Jboss Enterprise Portal Platform Version5.2.1

Redhat ≫ Jboss Enterprise Portal Platform Version5.2.2

Redhat ≫ Jboss Enterprise Soa Platform Version4.2.0

Redhat ≫ Jboss Enterprise Soa Platform Version4.2.0 Updatecp01

Redhat ≫ Jboss Enterprise Soa Platform Version4.2.0 Updatecp02

Redhat ≫ Jboss Enterprise Soa Platform Version4.2.0 Updatecp03

Redhat ≫ Jboss Enterprise Soa Platform Version4.2.0 Updatecp04

Redhat ≫ Jboss Enterprise Soa Platform Version4.2.0 Updatecp05

Redhat ≫ Jboss Enterprise Soa Platform Version4.2.0 Updatetp02

Redhat ≫ Jboss Enterprise Soa Platform Version4.3.0

Redhat ≫ Jboss Enterprise Soa Platform Version4.3.0 Updatecp01

Redhat ≫ Jboss Enterprise Soa Platform Version4.3.0 Updatecp02

Redhat ≫ Jboss Enterprise Soa Platform Version4.3.0 Updatecp03

Redhat ≫ Jboss Enterprise Soa Platform Version4.3.0 Updatecp04

Redhat ≫ Jboss Enterprise Soa Platform Version4.3.0 Updatecp05

Redhat ≫ Jboss Enterprise Soa Platform Version5.0.0

Redhat ≫ Jboss Enterprise Soa Platform Version5.0.1

Redhat ≫ Jboss Enterprise Soa Platform Version5.0.2

Redhat ≫ Jboss Enterprise Soa Platform Version5.1.0

Redhat ≫ Jboss Enterprise Soa Platform Version5.1.1

Redhat ≫ Jboss Enterprise Soa Platform Version5.2.0

Redhat ≫ Jboss Enterprise Soa Platform Version5.3.0

Redhat ≫ Jboss Enterprise Soa Platform Version5.3.1

Redhat ≫ Jboss Enterprise Web Platform Version5.1.0

Redhat ≫ Jboss Enterprise Web Platform Version5.1.1

Redhat ≫ Jboss Enterprise Web Platform Version5.1.2

Redhat ≫ Jboss Enterprise Web Platform Version5.2.0

Redhat ≫ Jboss Operations Network Version1.0.0

Redhat ≫ Jboss Operations Network Version2.0.0

Redhat ≫ Jboss Operations Network Version2.0.1

Redhat ≫ Jboss Operations Network Version2.1.0

Redhat ≫ Jboss Operations Network Version2.2

Redhat ≫ Jboss Operations Network Version2.3

Redhat ≫ Jboss Operations Network Version2.3.1

Redhat ≫ Jboss Operations Network Version2.4

Redhat ≫ Jboss Operations Network Version2.4.1

Redhat ≫ Jboss Operations Network Version2.4.2

Redhat ≫ Jboss Operations Network Version3.0

Redhat ≫ Jboss Operations Network Version3.0.1

Redhat ≫ Jboss Operations Network Version3.1

Redhat ≫ Jboss Operations Network Version3.1.1

Redhat ≫ Jboss Operations Network Version3.1.2

Redhat ≫ Jboss Web Framework Kit Version <= 2.2.0

Redhat ≫ Jboss Web Framework Kit Version1.0.0

Redhat ≫ Jboss Web Framework Kit Version1.1.0

Redhat ≫ Jboss Web Framework Kit Version1.2.0

Redhat ≫ Jboss Web Framework Kit Version2.0.0

Redhat ≫ Jboss Web Framework Kit Version2.1.0

Redhat ≫ Richfaces Version3.1.0

Redhat ≫ Richfaces Version3.1.1

Redhat ≫ Richfaces Version3.1.2

Redhat ≫ Richfaces Version3.1.3

Redhat ≫ Richfaces Version3.1.4

Redhat ≫ Richfaces Version3.1.5

Redhat ≫ Richfaces Version3.1.6

Redhat ≫ Richfaces Version3.2.0

Redhat ≫ Richfaces Version3.2.0 Updatesr1

Redhat ≫ Richfaces Version3.2.1

Redhat ≫ Richfaces Version3.2.2

Redhat ≫ Richfaces Version3.3.0

Redhat ≫ Richfaces Version3.3.1

Redhat ≫ Richfaces Version3.3.2

Redhat ≫ Richfaces Version3.3.2 Updatesr1

Redhat ≫ Richfaces Version3.3.3

Redhat ≫ Richfaces Version4.0.0

Redhat ≫ Richfaces Version4.1.0

Redhat ≫ Richfaces Version4.2.0

Redhat ≫ Richfaces Version4.2.1

Redhat ≫ Richfaces Version4.2.2

Redhat ≫ Richfaces Version4.2.3

Redhat ≫ Richfaces Version4.3.0

Redhat ≫ Richfaces Version4.3.1

Redhat ≫ Richfaces Version4.5.0 Updatealpha1

Redhat ≫ Richfaces Version5.0.0 Updatealpha1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	25.71%	0.96

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://jvn.jp/en/jp/JVN38787103/index.html

Third Party Advisory

VDB Entry

http://jvndb.jvn.jp/jvndb/JVNDB-2013-000072

Third Party Advisory

VDB Entry

http://packetstormsecurity.com/files/156663/Richsploit-RichFaces-Exploitation-Toolkit.html

http://rhn.redhat.com/errata/RHSA-2013-1041.html

Vendor Advisory

http://rhn.redhat.com/errata/RHSA-2013-1042.html

Vendor Advisory

http://rhn.redhat.com/errata/RHSA-2013-1043.html

Vendor Advisory

http://rhn.redhat.com/errata/RHSA-2013-1044.html

Vendor Advisory

http://rhn.redhat.com/errata/RHSA-2013-1045.html

Vendor Advisory

http://seclists.org/fulldisclosure/2020/Mar/21

https://access.redhat.com/security/cve/CVE-2013-2165

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=973570

Vendor Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2013-2165

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-2165

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-2165

EUVD