{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-07-19T00:00:00", "descriptions": [{"lang": "en", "value": "ResourceBuilderImpl.java in the RichFaces 3.x through 5.x implementation in Red Hat JBoss Web Framework Kit before 2.3.0, Red Hat JBoss Web Platform through 5.2.0, Red Hat JBoss Enterprise Application Platform through 4.3.0 CP10 and 5.x through 5.2.0, Red Hat JBoss BRMS through 5.3.1, Red Hat JBoss SOA Platform through 4.3.0 CP05 and 5.x through 5.3.1, Red Hat JBoss Portal through 4.3 CP07 and 5.x through 5.2.2, and Red Hat JBoss Operations Network through 2.4.2 and 3.x through 3.1.2 does not restrict the classes for which deserialization methods can be called, which allows remote attackers to execute arbitrary code via crafted serialized data."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-03-14T00:06:03", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "JVN#38787103", "tags": ["third-party-advisory", "x_refsource_JVN"], "url": "http://jvn.jp/en/jp/JVN38787103/index.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://access.redhat.com/security/cve/CVE-2013-2165"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=973570"}, {"name": "RHSA-2013:1045", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1045.html"}, {"name": "RHSA-2013:1041", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1041.html"}, {"name": "RHSA-2013:1043", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1043.html"}, {"name": "RHSA-2013:1044", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1044.html"}, {"name": "JVNDB-2013-000072", "tags": ["third-party-advisory", "x_refsource_JVNDB"], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000072"}, {"name": "RHSA-2013:1042", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1042.html"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/156663/Richsploit-RichFaces-Exploitation-Toolkit.html"}, {"name": "20200313 RichFaces exploitation toolkit", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2020/Mar/21"}]}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-2165", "datePublished": "2013-07-22T19:00:00", "dateReserved": "2013-02-19T00:00:00", "dateUpdated": "2020-03-14T00:06:03", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "E82B2AD8-967D-4ABE-982B-87B9DE73F8D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp10:*:*:*:*:*:*", "matchCriteriaId": "424C0428-6E78-42B2-B77A-921116528D06", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F5D7F1AD-4BD3-4C37-B6B5-B287464B2EEB", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "76D8FCD1-55D5-4187-87DD-39904EDE2EF8", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "972C5C87-E982-44A5-866D-FDEACB5203B8", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "C13890AE-5FDE-4698-8A2E-1B2FA0A313AF", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "8A785F07-9B76-4153-B676-29C9682B2F73", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "46849C8D-36E9-4E97-BB49-E04F4EB199E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_brms_platform:5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "9CDC2527-97FE-409D-8DD6-78E085CC73C2", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_brms_platform:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "41B77A70-95E1-4333-90E4-8056389EEE92", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_brms_platform:5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "1BB18D40-E8EA-4EB7-A25D-15CE6B65E21F", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_brms_platform:5.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "E911B601-2A14-4C23-81FF-689DBDB79626", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_brms_platform:5.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "4DECC247-477B-4AB3-9FD4-B7B6726A728D", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_brms_platform:5.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "C70B67DF-8122-40D6-9301-B1DD31D71F55", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_brms_platform:5.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "A6B1CE36-5131-425D-90BD-FC597F27B3E4", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_portal_platform:4.3.0:cp03:*:*:*:*:*:*", "matchCriteriaId": "8F570DE3-8759-44F9-B515-71889139A443", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_portal_platform:4.3.0:cp04:*:*:*:*:*:*", "matchCriteriaId": "B5FED015-A1E5-4CDC-9E99-97FA0ED2454D", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_portal_platform:4.3.0:cp05:*:*:*:*:*:*", "matchCriteriaId": "D20B3197-3BB8-427B-8B92-D53B200A235A", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_portal_platform:4.3.0:cp06:*:*:*:*:*:*", "matchCriteriaId": "A87344DF-9FA8-40B6-98B2-A43FB86BBB6E", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_portal_platform:4.3.0:cp07:*:*:*:*:*:*", "matchCriteriaId": "C9C9C8B4-693E-4777-BC31-5933147DFC54", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "3221242F-802E-418B-BC9D-CFA200D99171", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "5472541F-ED83-4656-AE18-1642F571D294", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "97165B18-1078-4215-94DA-0B6C4228056E", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A62117F2-5513-4998-8FDC-64564BBD00EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "D66D2843-0273-4A3A-A9D1-48BBB15031B7", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "6572BFDD-0A35-48CC-99A1-2BDE27BABB62", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "3451D2AD-BB7B-4149-97C3-2DB1BCC0EF85", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "CDEABE3E-DC3E-4B98-8433-4308BBEE6F26", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.2.0:cp01:*:*:*:*:*:*", "matchCriteriaId": "70942A41-9089-4313-8B00-5CB92518A349", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.2.0:cp02:*:*:*:*:*:*", "matchCriteriaId": "093F7EA4-B190-49A5-AF55-42D4F960EEFE", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.2.0:cp03:*:*:*:*:*:*", "matchCriteriaId": "75CBF063-6986-4217-BC8E-661B5167AB2A", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.2.0:cp04:*:*:*:*:*:*", "matchCriteriaId": "3F6528B6-1147-4366-8F81-8B380903EAA6", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.2.0:cp05:*:*:*:*:*:*", "matchCriteriaId": "4EF1898E-1A25-442B-865F-1C27B9E5F0D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.2.0:tp02:*:*:*:*:*:*", "matchCriteriaId": "92953D9C-8FF0-4499-A4A4-3B05696D326E", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "C57B8004-AF15-4F0F-B9FA-A3CFF7BD42DE", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.3.0:cp01:*:*:*:*:*:*", "matchCriteriaId": "66F4FC45-CF67-44E4-96CA-31B537151C7E", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.3.0:cp02:*:*:*:*:*:*", "matchCriteriaId": "E7CF5F63-C7A8-4787-9620-F5B76A9F0F3E", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.3.0:cp03:*:*:*:*:*:*", "matchCriteriaId": "9BCA6581-3C94-4B1B-B30F-E0B854A68968", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.3.0:cp04:*:*:*:*:*:*", "matchCriteriaId": "23F0650B-C39D-4C7D-8BB9-BBA951BA8AAE", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.3.0:cp05:*:*:*:*:*:*", "matchCriteriaId": "67BD448A-745D-4387-ABC8-A18DF142574D", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "DFB8FED0-E0C6-409C-A2D8-B3999265D545", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "DFC497FD-503A-463B-A75E-9C4B9B716521", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "A8F224EE-A5A1-490B-91A5-0196B4168F32", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:5.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "2B72D56E-DE3C-4383-906D-F3DCD9D09CC9", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:5.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "55661526-BC23-4853-BF6C-E1899D747EC5", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:5.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "118B3D27-8BF7-48ED-9D22-564B7D515610", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:5.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "2CD4700B-4C95-426E-ADF6-D165BB3E6F85", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:5.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "93B87581-F441-4A93-B797-337B7572CC08", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_web_platform:5.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "DC20F443-4918-46D2-8251-1C8F072B7733", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_web_platform:5.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F20B8708-8EC6-4B0E-9693-131F91A4FC15", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_web_platform:5.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4C534793-58E0-45B9-84D7-D21E1C4C9F7B", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_web_platform:5.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "38F66D5B-F906-437E-977E-F9F930648886", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_operations_network:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "DC1625FD-302E-457E-BDD1-977DE614CB47", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_operations_network:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D29DC3CE-E782-47F7-BDF4-4AB63728F05B", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_operations_network:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "DF4A10F6-2128-4986-8A28-BD9B679D8380", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_operations_network:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "3B720DED-23EE-4830-9C8B-441A38DAE80E", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_operations_network:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "0FD44168-A91A-4043-8C34-7A20DC2C1A19", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_operations_network:2.3:*:*:*:*:*:*:*", "matchCriteriaId": "66926B59-4A4F-47B9-9B2B-3D8DC698BC97", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_operations_network:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "D72DFB62-EEA6-4126-9DC3-B191CC8D0CA5", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_operations_network:2.4:*:*:*:*:*:*:*", "matchCriteriaId": "B8DBE132-2A98-40C6-947F-50C1D06DDFB1", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_operations_network:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "18EB42B1-D507-4B48-B835-C87AC5CC3650", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_operations_network:2.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "376C608B-645D-4560-8A7E-4154DCFD2B1F", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_operations_network:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "C077D692-150C-4AE9-8C0B-7A3EA5EB1100", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_operations_network:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "5DE5BA7D-BEFA-474C-BBD3-4C22F1283182", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_operations_network:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "4EFFA4B2-1562-48E0-A598-3C1F8973FDF1", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_operations_network:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "495496C9-8CFE-431D-84EB-1C94B7C74E82", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_operations_network:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "F57B34F5-66CD-4051-8406-54709C39572F", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_web_framework_kit:*:*:*:*:*:*:*:*", "matchCriteriaId": "E43C0ED7-47AA-474B-B1E8-D5358EA40A41", "versionEndIncluding": "2.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_web_framework_kit:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "69A1DC5C-28D4-4C03-9B4D-EB474714B530", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_web_framework_kit:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "0043DABE-2CF1-46FA-BC11-058EF8800D37", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_web_framework_kit:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "6EA16184-345B-47C0-B5C2-2FC47E7BCD87", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_web_framework_kit:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "910ABBBA-7FAC-4512-801C-3FDB5D7584D3", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_web_framework_kit:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "30B541A7-C0DC-4650-9C58-22E4FB14C213", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:richfaces:3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "7714AE54-6EA9-4FF0-995A-EAE7C9EC90A3", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:richfaces:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "BF339098-BFB5-4795-84D0-1D4E3CA291C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:richfaces:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "9E1D36E4-44D9-4BCB-A5BB-6F9411A1EF02", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:richfaces:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "E459D64B-4427-45D4-9AD8-27322D472AA5", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:richfaces:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "BECB4A09-BF7E-4314-9DFA-FB093FD1035F", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:richfaces:3.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "FA0C4149-1B58-44B4-8A4C-694EC46357B1", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:richfaces:3.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "597510CA-20F6-4BFB-B674-BA2E54510D70", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:richfaces:3.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "5E67C14B-9CAB-401F-9B8E-367DABC8B403", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:richfaces:3.2.0:sr1:*:*:*:*:*:*", "matchCriteriaId": "CC999E61-A1E7-434F-89C5-D65150FFD3C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:richfaces:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "FDDF3150-DB24-45B5-8AE4-E1389BFC7D9E", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:richfaces:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "0C460B1D-6C7D-40B8-8F23-192CCEB68948", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:richfaces:3.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "6A03D84C-BB68-4564-97F7-8CD326D86B4C", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:richfaces:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "7E2B5531-406B-47EA-A61F-2D3DD07E5BE9", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:richfaces:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "8D2FE027-BF63-4EC9-B743-C7A805A65FCD", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:richfaces:3.3.2:sr1:*:*:*:*:*:*", "matchCriteriaId": "66F0B040-84E3-44B4-ACE4-0BC9366C064E", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:richfaces:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "FD902B25-B15E-463E-8DF0-7DD0889A2B00", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:richfaces:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E27F9EFE-D7CA-46A0-99B2-F4FDE622A9CC", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:richfaces:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B4A438EF-E450-49DE-B745-3F8034C715DC", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:richfaces:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "7201416F-1CAC-431E-93A8-74FBB708CC53", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:richfaces:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "6E9C9F20-702E-4943-9AE9-D419BFFFBC45", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:richfaces:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "8E7B1BC4-71B6-4F46-927F-E537A1688CD6", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:richfaces:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "730FB8DB-5116-4BF2-9348-F280ACF3D197", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:richfaces:4.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "B82F2B98-5B8B-4BA0-912C-0C6C6B5393DA", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:richfaces:4.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "986311E6-C44C-4DFF-A74B-1501DFB9B5A2", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:richfaces:4.5.0:alpha1:*:*:*:*:*:*", "matchCriteriaId": "4D6E0C8B-8901-47F9-A96E-645BE5037666", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:richfaces:5.0.0:alpha1:*:*:*:*:*:*", "matchCriteriaId": "8DA147D3-F295-4DBD-87AD-40C7F9B00C8F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "ResourceBuilderImpl.java in the RichFaces 3.x through 5.x implementation in Red Hat JBoss Web Framework Kit before 2.3.0, Red Hat JBoss Web Platform through 5.2.0, Red Hat JBoss Enterprise Application Platform through 4.3.0 CP10 and 5.x through 5.2.0, Red Hat JBoss BRMS through 5.3.1, Red Hat JBoss SOA Platform through 4.3.0 CP05 and 5.x through 5.3.1, Red Hat JBoss Portal through 4.3 CP07 and 5.x through 5.2.2, and Red Hat JBoss Operations Network through 2.4.2 and 3.x through 3.1.2 does not restrict the classes for which deserialization methods can be called, which allows remote attackers to execute arbitrary code via crafted serialized data."}, {"lang": "es", "value": "ResourceBuilderImpl.java en la implementaci\u00f3n de RichFaces 3.x a 5.x en la implementaci\u00f3n de Red Hat JBoss Web Framework Kit anterior a 2.3.0, Red Hat JBoss Web Platform a 5.2.0, Red Hat JBoss Enterprise Application Platform a 4.3.0 CP10 y 5.x a la 5.2.0, Red Hat JBoss BRMS hasta la 5.3.1, Red Hat JBoss SOA Platform hasta la 4.3.0 CP05 y 5.x hasta la 5.3.1, Red Hat JBoss Portal hasta la 4.3 CP07 y 5.x hasta 5.2.2, y Red Hat JBoss Operations Network hasta 2.4.2 y 3.x hasta la 3.1.2, no restringe las clases para la deserializaci\u00f3n de los m\u00e9todos que pueden ser invocados, lo que permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de datos serializados."}], "evaluatorComment": "Per: http://www.bleathem.ca/blog/2013/07/richfaces-CVE-2013-2165.html\n\n\"Download RichFaces 3.3.4.Final or RichFaces 4.3.3.Final and use them in your applications to protect yourself from this vulnerability.\"", "id": "CVE-2013-2165", "lastModified": "2023-02-13T00:28:28.033", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-07-23T11:03:11.980", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://jvn.jp/en/jp/JVN38787103/index.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000072"}, {"source": "secalert@redhat.com", "url": "http://packetstormsecurity.com/files/156663/Richsploit-RichFaces-Exploitation-Toolkit.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1041.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1042.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1043.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1044.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1045.html"}, {"source": "secalert@redhat.com", "url": "http://seclists.org/fulldisclosure/2020/Mar/21"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2013-2165"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=973570"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}