CVE-2013-2165

Severity

75%

Complexity

99%

Confidentiality

106%

Per: http://www.bleathem.ca/blog/2013/07/richfaces-CVE-2013-2165.html "Download RichFaces 3.3.4.Final or RichFaces 4.3.3.Final and use them in your applications to protect yourself from this vulnerability."

ResourceBuilderImpl.java in the RichFaces 3.x through 5.x implementation in Red Hat JBoss Web Framework Kit before 2.3.0, Red Hat JBoss Web Platform through 5.2.0, Red Hat JBoss Enterprise Application Platform through 4.3.0 CP10 and 5.x through 5.2.0, Red Hat JBoss BRMS through 5.3.1, Red Hat JBoss SOA Platform through 4.3.0 CP05 and 5.x through 5.3.1, Red Hat JBoss Portal through 4.3 CP07 and 5.x through 5.2.2, and Red Hat JBoss Operations Network through 2.4.2 and 3.x through 3.1.2 does not restrict the classes for which deserialization methods can be called, which allows remote attackers to execute arbitrary code via crafted serialized data.

Per: http://www.bleathem.ca/blog/2013/07/richfaces-CVE-2013-2165.html "Download RichFaces 3.3.4.Final or RichFaces 4.3.3.Final and use them in your applications to protect yourself from this vulnerability."

CVSS 2.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).

Overview

First reported 11 years ago

2013-07-23 11:03:00

Last updated 5 years ago

2020-03-09 19:15:00

Affected Software

Red Hat JBoss Enterprise Application Platform 4.3.0

4.3.0

Red Hat JBoss Enterprise Application Platform 4.3.0 CP10

4.3.0

Red Hat JBoss Enterprise Application Platform (EAP) 5.0.0

5.0.0

Red Hat JBoss Enterprise Application Platform (EAP) 5.0.1

5.0.1

Red Hat JBoss Enterprise Application Platform (EAP) 5.1.0

5.1.0

Red Hat JBoss Enterprise Application Platform (EAP) 5.1.1

5.1.1

Red Hat JBoss Enterprise Application Platform (EAP) 5.1.2

5.1.2

Red Hat JBoss Enterprise Application Platform (EAP) 5.2.0

5.2.0

RedHat JBoss Enterprise BRMS Platform 5.0.0

5.0.0

RedHat JBoss Enterprise BRMS Platform 5.0.1

5.0.1

RedHat JBoss Enterprise BRMS Platform 5.0.2

5.0.2

RedHat JBoss Enterprise BRMS Platform 5.1.0

5.1.0

RedHat JBoss Enterprise BRMS Platform 5.2.0

5.2.0

RedHat JBoss Enterprise BRMS Platform 5.3.0

5.3.0

RedHat JBoss Enterprise BRMS Platform 5.3.1

5.3.1

Red Hat JBoss Enterprise Portal Platform 4.3.0 CP03

4.3.0

Red Hat JBoss Enterprise Portal Platform 4.3.0 CP04

4.3.0

Red Hat JBoss Enterprise Portal Platform 4.3.0 CP05

4.3.0

Red Hat JBoss Enterprise Portal Platform 4.3.0 CP06

4.3.0

Red Hat JBoss Enterprise Portal Platform 4.3.0 CP07

4.3.0

Red Hat JBoss Enterprise Portal Platform 5.0.0

5.0.0

Red Hat JBoss Enterprise Portal Platform 5.0.1

5.0.1

Red Hat JBoss Enterprise Portal Platform 5.1.0

5.1.0

Red Hat JBoss Enterprise Portal Platform 5.1.1

5.1.1

Red Hat JBoss Enterprise Portal Platform 5.2.0

5.2.0

Red Hat JBoss Enterprise Portal Platform 5.2.1

5.2.1

Red Hat JBoss Enterprise Portal Platform 5.2.2

5.2.2

Red Hat JBOSS Enterprise SOA Platform 4.2.0

4.2.0

Red Hat JBOSS Enterprise SOA Platform 4.2.0 CP01

4.2.0

Red Hat JBOSS Enterprise SOA Platform 4.2.0 CP02

4.2.0

Red Hat JBOSS Enterprise SOA Platform 4.2.0 CP03

4.2.0

Red Hat JBOSS Enterprise SOA Platform 4.2.0 CP05

4.2.0

Red Hat JBOSS Enterprise SOA Platform 4.2.0:cp05

4.2.0

Red Hat JBOSS Enterprise SOA Platform 4.2.0 TP02

4.2.0

Red Hat JBOSS Enterprise SOA Platform 4.3.0

4.3.0

Red Hat JBOSS Enterprise SOA Platform 4.3.0 CP01

4.3.0

Red Hat JBOSS Enterprise SOA Platform 4.3.0 CP02

4.3.0

Red Hat JBOSS Enterprise SOA Platform 4.3.0 CP03

4.3.0

Red Hat JBOSS Enterprise SOA Platform 4.3.0 CP04

4.3.0

Red Hat JBOSS Enterprise SOA Platform 4.3.0 CP05

4.3.0

Red Hat JBOSS Enterprise SOA Platform 5.0.0

5.0.0

Red Hat JBOSS Enterprise SOA Platform 5.0.1

5.0.1

Red Hat JBOSS Enterprise SOA Platform 5.0.2

5.0.2

Red Hat JBOSS Enterprise SOA Platform 5.1.0

5.1.0

Red Hat JBOSS Enterprise SOA Platform 5.1.1

5.1.1

Red Hat JBOSS Enterprise SOA Platform 5.2.0

5.2.0

Red Hat JBOSS Enterprise SOA Platform 5.3.0

5.3.0

Red Hat JBOSS Enterprise SOA Platform 5.3.1

5.3.1

RedHat JBoss Enterprise Web Platform 5.1.0

5.1.0

RedHat JBoss Enterprise Web Platform 5.1.1

5.1.1

RedHat JBoss Enterprise Web Platform 5.1.2

5.1.2

RedHat JBoss Enterprise Web Platform 5.2.0

5.2.0

RedHat JBoss Operations Network (aka JON or JBoss ON) 1.0.0

1.0.0

RedHat JBoss Operations Network (aka JON or JBoss ON) 2.0.0 GA

2.0.0

RedHat JBoss Operations Network (aka JON or JBoss ON) 2.0.1 GA

2.0.1

RedHat JBoss Operations Network (aka JON or JBoss ON) 2.1.0 GA

2.1.0

RedHat JBoss Operations Network (aka JON or JBoss ON) 2.2

2.2

RedHat JBoss Operations Network (aka JON or JBoss ON) 2.3

2.3

RedHat JBoss Operations Network (aka JON or JBoss ON) 2.3.1

2.3.1

RedHat JBoss Operations Network (aka JON or JBoss ON) 2.4

2.4

RedHat JBoss Operations Network (aka JON or JBoss ON) 2.4.1

2.4.1

RedHat JBoss Operations Network (aka JON or JBoss ON) 2.4.2

2.4.2

RedHat JBoss Operations Network (aka JON or JBoss ON) 3.0

3.0

RedHat JBoss Operations Network (aka JON or JBoss ON) 3.0.1

3.0.1

RedHat JBoss Operations Network (aka JON or JBoss ON) 3.1

3.1

RedHat JBoss Operations Network (aka JON or JBoss ON) 3.1.1

3.1.1

RedHat JBoss Operations Network (aka JON or JBoss ON) 3.1.2

3.1.2

Red Hat JBoss Web Framework Kit 1.0.0

1.0.0

Red Hat JBoss Web Framework Kit 1.1.0

1.1.0

Red Hat JBoss Web Framework Kit 1.2.0

1.2.0

Red Hat JBoss Web Framework Kit 2.0.0

2.0.0

Red Hat JBoss Web Framework Kit 2.1.0

2.1.0

RedHat Richfaces 3.1.0

3.1.0

RedHat Richfaces 3.1.1

3.1.1

RedHat Richfaces 3.1.2

3.1.2

RedHat Richfaces 3.1.3

3.1.3

RedHat Richfaces 3.1.4

3.1.4

RedHat Richfaces 3.1.5

3.1.5

RedHat Richfaces 3.1.6

3.1.6

RedHat Richfaces 3.2.0

3.2.0

RedHat Richfaces 3.2.0 SR1

3.2.0

RedHat Richfaces 3.2.1

3.2.1

RedHat Richfaces 3.2.2

3.2.2

RedHat Richfaces 3.3.0

3.3.0

RedHat Richfaces 3.3.1

3.3.1

RedHat Richfaces 3.3.2

3.3.2

RedHat Richfaces 3.3.2 SR1

3.3.2

RedHat Richfaces 3.3.3

3.3.3

RedHat Richfaces 4.0.0

4.0.0

RedHat Richfaces 4.1.0

4.1.0

RedHat Richfaces 4.2.0

4.2.0

RedHat Richfaces 4.2.1

4.2.1

RedHat Richfaces 4.2.2

4.2.2

RedHat Richfaces 4.2.3

4.2.3

RedHat Richfaces 4.3.0

4.3.0

RedHat Richfaces 4.3.1

4.3.1

RedHat Richfaces 4.5.0 Alpha1

4.5.0

RedHat Richfaces 5.0.0 Alpha1

5.0.0

References

JVN#38787103

Third Party Advisory, VDB Entry

JVNDB-2013-000072

Third Party Advisory, VDB Entry

http://packetstormsecurity.com/files/156663/Richsploit-RichFaces-Exploitation-Toolkit.html

RHSA-2013:1041

Vendor Advisory

RHSA-2013:1042

Vendor Advisory

RHSA-2013:1043

Vendor Advisory

RHSA-2013:1044

Vendor Advisory

RHSA-2013:1045

Vendor Advisory

20200313 RichFaces exploitation toolkit

https://access.redhat.com/security/cve/CVE-2013-2165

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=973570

Issue Tracking, Vendor Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.