Back to CVE Browser

CVE-2018-12533

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.0410%

EPSS Percentile1.30th

PublishedJun 18, 2018

Last ModifiedNov 21, 2024

Vulnerability Description

JBoss RichFaces 3.1.0 through 3.3.4 allows unauthenticated remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via a /DATA/ substring in a path with an org.richfaces.renderkit.html.Paint2DResource$ImageData object, aka RF-14310.

Affected Platforms (CPE)

📦

Redhat

Richfaces

>= 3.1.0 and <= 3.3.4

References & Advisories

🔗 http://seclists.org/fulldisclosure/2020/Mar/21

🔗 http://www.securityfocus.com/bid/104502

🔗 http://www.securitytracker.com/id/1041617

🔗 https://access.redhat.com/errata/RHSA-2018:2663

🔗 https://access.redhat.com/errata/RHSA-2018:2664

🔗 https://access.redhat.com/errata/RHSA-2018:2930

🔗 https://codewhitesec.blogspot.com/2018/05/poor-richfaces.html

🔗 http://seclists.org/fulldisclosure/2020/Mar/21

Related Vulnerabilities

CVE-2018-125329.8

JBoss RichFaces 4.5.3 through 4.5.17 allows unauthenticated remote attackers to inject an arbitrary expression language (EL) varia...

CVE-2018-146679.8

The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A rem...

CVE-2013-45219.8

RichFaces implementation in Nuxeo Platform 5.6.0 before HF27 and 5.8.0 before HF-01 does not restrict the classes for which deseri...

CVE-2013-21657.5

ResourceBuilderImpl.java in the RichFaces 3.x through 5.x implementation in Red Hat JBoss Web Framework Kit before 2.3.0, Red Hat ...