CVE-2015-0279 - OpenCVE

JBoss RichFaces before 4.5.4 allows remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via the do parameter.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Redhat	Richfaces

Configuration 1 [-]

cpe:2.3:a:redhat:richfaces:*:*:*:*:*:*:*:*

References

Link	Resource
http://jvn.jp/en/jp/JVN56297719/index.html	Third Party Advisory VDB Entry
http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-001959.html	Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/153734/Tufin-Secure-Change-Remote-Code-Execution.html
http://packetstormsecurity.com/files/156663/Richsploit-RichFaces-Exploitation-Toolkit.html
http://rhn.redhat.com/errata/RHSA-2015-0719.html	Broken Link Vendor Advisory
http://seclists.org/fulldisclosure/2019/Jul/21
http://seclists.org/fulldisclosure/2020/Mar/21
https://bugzilla.redhat.com/show_bug.cgi?id=1192140	Issue Tracking Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2015-03-26T14:00:00

Updated: 2020-03-14T00:06:02

Reserved: 2014-11-18T00:00:00

Link: CVE-2015-0279

JSON object: View

NVD Information

Status : Modified

Published: 2015-03-26T14:59:00.070

Modified: 2019-07-23T20:15:11.000

Link: CVE-2015-0279

JSON object: View

Redhat Information

No data.

CWE

CWE-94

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-03-24T00:00:00", "descriptions": [{"lang": "en", "value": "JBoss RichFaces before 4.5.4 allows remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via the do parameter."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-03-14T00:06:02", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1192140"}, {"name": "RHSA-2015:0719", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0719.html"}, {"name": "JVN#56297719", "tags": ["third-party-advisory", "x_refsource_JVN"], "url": "http://jvn.jp/en/jp/JVN56297719/index.html"}, {"name": "JVNDB-2015-001959", "tags": ["third-party-advisory", "x_refsource_JVNDB"], "url": "http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-001959.html"}, {"name": "20190723 Tufin SecureChange uses Richfaces 4.3.5, vulnerable to CVE-2015-0279 (unauthenticated RCE)", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2019/Jul/21"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/153734/Tufin-Secure-Change-Remote-Code-Execution.html"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/156663/Richsploit-RichFaces-Exploitation-Toolkit.html"}, {"name": "20200313 RichFaces exploitation toolkit", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2020/Mar/21"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-0279", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "JBoss RichFaces before 4.5.4 allows remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via the do parameter."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1192140", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1192140"}, {"name": "RHSA-2015:0719", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-0719.html"}, {"name": "JVN#56297719", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN56297719/index.html"}, {"name": "JVNDB-2015-001959", "refsource": "JVNDB", "url": "http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-001959.html"}, {"name": "20190723 Tufin SecureChange uses Richfaces 4.3.5, vulnerable to CVE-2015-0279 (unauthenticated RCE)", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/Jul/21"}, {"name": "http://packetstormsecurity.com/files/153734/Tufin-Secure-Change-Remote-Code-Execution.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/153734/Tufin-Secure-Change-Remote-Code-Execution.html"}, {"name": "http://packetstormsecurity.com/files/156663/Richsploit-RichFaces-Exploitation-Toolkit.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/156663/Richsploit-RichFaces-Exploitation-Toolkit.html"}, {"name": "20200313 RichFaces exploitation toolkit", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2020/Mar/21"}]}}}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-0279", "datePublished": "2015-03-26T14:00:00", "dateReserved": "2014-11-18T00:00:00", "dateUpdated": "2020-03-14T00:06:02", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:richfaces:*:*:*:*:*:*:*:*", "matchCriteriaId": "DF2058B7-E4C6-4759-89F4-BBF0180CDA69", "versionEndIncluding": "4.5.4", "versionStartIncluding": "4.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "JBoss RichFaces before 4.5.4 allows remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via the do parameter."}, {"lang": "es", "value": "JBoss RichFaces anterior a 4.5.4 permite a atacantes remotos inyectar expresiones del lenguaje de expresiones (EL) y ejecutar c\u00f3digo Java arbitrario a trav\u00e9s del par\u00e1metro do."}], "id": "CVE-2015-0279", "lastModified": "2019-07-23T20:15:11.000", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-03-26T14:59:00.070", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://jvn.jp/en/jp/JVN56297719/index.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-001959.html"}, {"source": "secalert@redhat.com", "url": "http://packetstormsecurity.com/files/153734/Tufin-Secure-Change-Remote-Code-Execution.html"}, {"source": "secalert@redhat.com", "url": "http://packetstormsecurity.com/files/156663/Richsploit-RichFaces-Exploitation-Toolkit.html"}, {"source": "secalert@redhat.com", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0719.html"}, {"source": "secalert@redhat.com", "url": "http://seclists.org/fulldisclosure/2019/Jul/21"}, {"source": "secalert@redhat.com", "url": "http://seclists.org/fulldisclosure/2020/Mar/21"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1192140"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}