
JBoss RichFaces Deserialization Vulnerability

Last Update Date: 12 Jul 2013 11:52

Release Date: 12 Jul 2013

RISK: Medium Risk

TYPE: Servers - Internet App Servers


A vulnerability has been identified in JBoss which can be exploited by a remote user to execute arbitrary code on the target system. A remote user can send specially crafted data to trigger a flaw in the way RichFaces ResourceBuilderImpl handles deserialization and potentially execute arbitrary code on the target system. The code will run with the privileges of the target service.


Impact

  • Remote Code Execution

System / Technologies affected

  • JBoss Enterprise Application Platform 4.3.0 EL4
  • JBoss Enterprise Application Platform 4.3.0 EL5

Solutions

Before installing the software, please visit the software manufacturer's website for more details.

  • Apply vendor fix

Vulnerability Identifier


Source


Related Link