7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.1 Low
EPSS
Percentile
94.9%
A flaw was found in the way JBoss RichFaces handled deserialization. A remote attacker could use this flaw to trigger the execution of the deserialization methods in any serializable class deployed on the server. This could lead to a variety of security impacts depending on the deserialization logic of these classes.
CPE | Name | Operator | Version |
---|---|---|---|
org.richfaces:richfaces | lt | 4.3.2 | |
org.richfaces:richfaces | lt | 3.3.3 |
jvn.jp/en/jp/JVN38787103/index.html
jvndb.jvn.jp/jvndb/JVNDB-2013-000072
packetstormsecurity.com/files/156663/Richsploit-RichFaces-Exploitation-Toolkit.html
seclists.org/fulldisclosure/2020/Mar/21
access.redhat.com/security/cve/CVE-2013-2165
bugzilla.redhat.com/show_bug.cgi?id=973570
github.com/advisories/GHSA-4344-frcp-j22q
nvd.nist.gov/vuln/detail/CVE-2013-2165