CVE-2013-2165
CVE-2013-2165 is a vulnerability of currently unknown severity. ResourceBuilderImpl.java in the RichFaces 3.x through 5.x implementation in Red Hat JBoss Web Framework Kit before 2.3.0, Red Hat JBoss Web Platform through 5.2.0, Red Hat JBoss Enterprise Application Platform through 4.3.0 CP10 and 5.x through 5.2.0, Red Hat JBoss BRMS through 5.3.1, Red Hat JBoss SOA Platform through 4.3.0 CP05 and 5.x through 5.3.1, Red Hat JBoss Portal through 4.3 CP07 and 5.x through 5.2.2, and Red Hat JBoss Operations Network through 2.4.2 and 3.x through 3.1.2 does not restrict the classes for which deserialization methods can be called, which allows remote attackers to execute arbitrary code via crafted serialized data. EPSS estimates a 12.66% chance of exploitation in the next 30 days.
Description
ResourceBuilderImpl.java in the RichFaces 3.x through 5.x implementation in Red Hat JBoss Web Framework Kit before 2.3.0, Red Hat JBoss Web Platform through 5.2.0, Red Hat JBoss Enterprise Application Platform through 4.3.0 CP10 and 5.x through 5.2.0, Red Hat JBoss BRMS through 5.3.1, Red Hat JBoss SOA Platform through 4.3.0 CP05 and 5.x through 5.3.1, Red Hat JBoss Portal through 4.3 CP07 and 5.x through 5.2.2, and Red Hat JBoss Operations Network through 2.4.2 and 3.x through 3.1.2 does not restrict the classes for which deserialization methods can be called, which allows remote attackers to execute arbitrary code via crafted serialized data.
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Red Hat | JBoss Enterprise Application Platform | 4.3.0 | — |
| Red Hat | JBoss Enterprise Application Platform | 5.0.0 | — |
| Red Hat | JBoss Enterprise Application Platform | 5.0.1 | — |
| Red Hat | JBoss Enterprise Application Platform | 5.1.0 | — |
| Red Hat | JBoss Enterprise Application Platform | 5.1.1 | — |
| Red Hat | JBoss Enterprise Application Platform | 5.1.2 | — |
| Red Hat | JBoss Enterprise Application Platform | 5.2.0 | — |
| Red Hat | JBoss Enterprise BRMS Platform | 5.0.0 | — |
| Red Hat | JBoss Enterprise BRMS Platform | 5.0.1 | — |
| Red Hat | JBoss Enterprise BRMS Platform | 5.0.2 | — |
| Red Hat | JBoss Enterprise BRMS Platform | 5.1.0 | — |
| Red Hat | JBoss Enterprise BRMS Platform | 5.2.0 | — |
| Red Hat | JBoss Enterprise BRMS Platform | 5.3.0 | — |
| Red Hat | JBoss Enterprise BRMS Platform | 5.3.1 | — |
| Red Hat | JBoss Enterprise Portal Platform | 4.3.0 | CP03 |
| Red Hat | JBoss Enterprise Portal Platform | 5.0.0 | — |
| Red Hat | JBoss Enterprise Portal Platform | 5.0.1 | — |
| Red Hat | JBoss Enterprise Portal Platform | 5.1.0 | — |
| Red Hat | JBoss Enterprise Portal Platform | 5.1.1 | — |
| Red Hat | JBoss Enterprise Portal Platform | 5.2.0 | — |
| Red Hat | JBoss Enterprise Portal Platform | 5.2.1 | — |
| Red Hat | JBoss Enterprise Portal Platform | 5.2.2 | — |
| Red Hat | JBoss Enterprise SOA Platform | 4.2.0 | — |
| Red Hat | JBoss Enterprise SOA Platform | 4.3.0 | — |
| Red Hat | JBoss Enterprise SOA Platform | 5.0.0 | — |
| Red Hat | JBoss Enterprise SOA Platform | 5.0.1 | — |
| Red Hat | JBoss Enterprise SOA Platform | 5.0.2 | — |
| Red Hat | JBoss Enterprise SOA Platform | 5.1.0 | — |
| Red Hat | JBoss Enterprise SOA Platform | 5.1.1 | — |
| Red Hat | JBoss Enterprise SOA Platform | 5.2.0 | — |
| Red Hat | JBoss Enterprise SOA Platform | 5.3.0 | — |
| Red Hat | JBoss Enterprise SOA Platform | 5.3.1 | — |
| Red Hat | JBoss Enterprise Web Platform | 5.1.0 | — |
| Red Hat | JBoss Enterprise Web Platform | 5.1.1 | — |
| Red Hat | JBoss Enterprise Web Platform | 5.1.2 | — |
| Red Hat | JBoss Enterprise Web Platform | 5.2.0 | — |
| Red Hat | JBoss Operations Network | 1.0.0 | — |
| Red Hat | JBoss Operations Network | 2.0.0 | — |
| Red Hat | JBoss Operations Network | 2.0.1 | — |
| Red Hat | JBoss Operations Network | 2.1.0 | — |
| Red Hat | JBoss Operations Network | 2.2 | — |
| Red Hat | JBoss Operations Network | 2.3 | — |
| Red Hat | JBoss Operations Network | 2.3.1 | — |
| Red Hat | JBoss Operations Network | 2.4 | — |
| Red Hat | JBoss Operations Network | 2.4.1 | — |
| Red Hat | JBoss Operations Network | 2.4.2 | — |
| Red Hat | JBoss Operations Network | 3.0 | — |
| Red Hat | JBoss Operations Network | 3.0.1 | — |
| Red Hat | JBoss Operations Network | 3.1 | — |
| Red Hat | JBoss Operations Network | 3.1.1 | — |
Showing 50 of 81 affected configurations. See NVD for the full list.
References
- http://jvn.jp/en/jp/JVN38787103/index.html (Third Party Advisory, VDB Entry)
- http://jvndb.jvn.jp/jvndb/JVNDB-2013-000072 (Third Party Advisory, VDB Entry)
- http://rhn.redhat.com/errata/RHSA-2013-1041.html (Vendor Advisory)
- http://rhn.redhat.com/errata/RHSA-2013-1042.html (Vendor Advisory)
- http://rhn.redhat.com/errata/RHSA-2013-1043.html (Vendor Advisory)
- http://rhn.redhat.com/errata/RHSA-2013-1044.html (Vendor Advisory)
- http://rhn.redhat.com/errata/RHSA-2013-1045.html (Vendor Advisory)
- https://access.redhat.com/security/cve/CVE-2013-2165 (Vendor Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=973570 (Issue Tracking, Vendor Advisory)
Timeline
- Status
- Modified
Source: NVD / NIST
