Lucene search
PRIOn knowledge basePRION:CVE-2013-4521HistoryFeb 06, 2020 - 4:15 p.m.
Deserialization of untrusted data
2020-02-0616:15:00
PRIOn knowledge base
www.prio-n.com
6
RichFaces implementation in Nuxeo Platform 5.6.0 before HF27 and 5.8.0 before HF-01 does not restrict the classes for which deserialization methods can be called, which allows remote attackers to execute arbitrary code via crafted serialized data. NOTE: this vulnerability may overlap CVE-2013-2165.
| CPE | Name | Operator | Version |
|---|---|---|---|
| nuxeo | eq | 5.8.0 | |
| nuxeo | eq | 5.6.0 | |
| nuxeo | eq | 5.6.0 hotfix1 | |
| nuxeo | eq | 5.6.0 hotfix2 | |
| nuxeo | eq | 5.6.0 hotfix3 | |
| nuxeo | eq | 5.6.0 hotfix4 | |
| nuxeo | eq | 5.6.0 hotfix5 | |
| nuxeo | eq | 5.6.0 hotfix6 | |
| nuxeo | eq | 5.6.0 hotfix7 | |
| nuxeo | eq | 5.6.0 hotfix8 |
Related
cve
cve
CVE-2013-4521
2020-02-06 16:15:11
CVE-2013-2165
2013-07-23 11:03:11
nvd
nvd
CVE-2013-4521
2020-02-06 16:15:11
CVE-2013-2165
2013-07-23 11:03:11
cvelist
cvelist
CVE-2013-4521
2020-02-06 15:43:41
CVE-2013-2165
2013-07-22 19:00:00
ibm
ibm
nessus
nessus
RHEL 5 / 6 : richfaces (RHSA-2013:1042)
2013-07-11 00:00:00
RHEL 5 : jboss-seam2 (RHSA-2013:1044)
2013-07-11 00:00:00
RHEL 5 / 6 : richfaces in JBoss EWP (RHSA-2013:1043)
2014-06-28 00:00:00
hackerone
hackerone
U.S. Dept Of Defense: Remote Code Execution (RCE) in DoD Websites
2017-06-01 20:39:34
seebug
seebug
JBoss RichFaces θΏη¨δ»£η ζ§θ‘ζΌζ΄(CVE-2013-2165)
2013-07-17 00:00:00
prion
prion
Deserialization of untrusted data
2013-07-23 11:03:00
ubuntucve
ubuntucve
CVE-2013-2165
2013-07-23 00:00:00
github
github
Remote code execution due to insecure deserialization
2022-05-13 01:27:59
redhat
redhat
(RHSA-2013:1042) Critical: richfaces security update
2013-07-10 00:00:00
(RHSA-2013:1043) Critical: richfaces security update
2013-07-10 00:00:00
(RHSA-2013:1044) Critical: jboss-seam2 security update
2013-07-10 00:00:00
jvn
jvn
JVN#38787103: JBoss RichFaces vulnerable to remote code execution
2013-07-19 00:00:00
osv
osv
Remote code execution due to insecure deserialization
2022-05-13 01:27:59
veracode
veracode
Remote Code Execution Through Deserialization Attack
2019-01-15 08:55:59