CVE-2018-14667
Red Hat JBoss RichFaces Framework Expression Language Injection Vulnerability
Public Exploits: 4
Exploited in Wild: Yes
Descriptions
The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of java serialized objects via org.ajax4jsf.resource.UserResource$UriData.
Richfaces version 3.x suffers from a remote code execution vulnerability.
Red Hat JBoss RichFaces Framework contains an expression language injection vulnerability via the UserResource resource. A remote, unauthenticated attacker could exploit this vulnerability to execute malicious code using a chain of Java serialized objects via org.ajax4jsf.resource.UserResource$UriData.
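The descriptions above give a defender one concrete thing to look for: requests to the org.ajax4jsf.resource.UserResource resource that carry serialized state. The following Python script is an added example for this record, not code from this page, from Red Hat or from the RichFaces project. It assumes (not stated on this page) that RichFaces 3.x resource URLs embed the framework version token and the resource class name in the path and that the serialized UriData follows a "/DATA/" segment; the log lines are constructed, and the affected range is the >= 3.1.0 <= 3.3.4 range from the vendor table of this record.

```python
import re
from typing import Dict, List, Optional, Tuple

# Assumption (not stated on this page): RichFaces 3.x serves framework resources
# through its /a4j/ servlet and embeds both the version token and the resource
# class name in the path, e.g.
#   /a4j/g/3_3_3.Finalorg.ajax4jsf.resource.UserResource/n/n/<id>/DATA/<state>
# where the serialized UriData state follows the "/DATA/" segment.
USER_RESOURCE = "org.ajax4jsf.resource.UserResource"

# Affected range as listed in the vendor/product table of this record.
AFFECTED_MIN = (3, 1, 0)
AFFECTED_MAX = (3, 3, 4)

# Combined access-log format: client, identd, user, [timestamp], "request line", status ...
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)
# Version token followed (with no "/" in between) by the UserResource class name.
RES_RE = re.compile(
    r"/(?P<maj>\d+)_(?P<min>\d+)_(?P<pat>\d+)[^/]*?" + re.escape(USER_RESOURCE) + r"/"
)

# Constructed sample traffic (not a real capture): two ordinary RichFaces requests
# followed by three UserResource requests from one client. The 4_0_0 token is a
# made-up value used only to exercise the out-of-range branch.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Mar/2020:10:01:02 +0000] "GET /app/a4j/g/3_3_3.Finalorg/richfaces/renderkit/html/css/basic.xcss HTTP/1.1" 200 4121 "-" "Mozilla/5.0"
10.0.0.5 - - [12/Mar/2020:10:01:03 +0000] "GET /app/index.seam HTTP/1.1" 200 8812 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2020:10:04:44 +0000] "GET /app/a4j/g/3_3_3.Finalorg.ajax4jsf.resource.UserResource/n/n/123456789/DATA/eAHtWFtv HTTP/1.1" 200 17 "-" "python-requests/2.22.0"
203.0.113.7 - - [12/Mar/2020:10:04:45 +0000] "GET /app/a4j/g/3_3_4.Finalorg.ajax4jsf.resource.UserResource/n/n/123456789/DATA/eAHtWFtv HTTP/1.1" 500 0 "-" "python-requests/2.22.0"
203.0.113.7 - - [12/Mar/2020:10:04:46 +0000] "GET /app/a4j/g/4_0_0.Finalorg.ajax4jsf.resource.UserResource/n/n/1/DATA/AAAA HTTP/1.1" 404 0 "-" "python-requests/2.22.0"
"""


def is_affected(version: Tuple[int, int, int]) -> bool:
    """True when a RichFaces version falls inside the range this record lists as affected."""
    return AFFECTED_MIN <= version <= AFFECTED_MAX


def inspect_path(path: str) -> Optional[Dict[str, object]]:
    """Return a finding for a UserResource request that carries serialized state, else None.

    Only paths that name the UserResource class and then contain a "/DATA/"
    segment are reported; ordinary stylesheet and script resources are not.
    """
    m = RES_RE.search(path)
    if m is None or "/DATA/" not in path[m.end():]:
        return None
    version = (int(m["maj"]), int(m["min"]), int(m["pat"]))
    return {"version": version, "affected": is_affected(version), "path": path}


def scan_log(text: str) -> List[Dict[str, object]]:
    """Parse combined-format log lines and collect UserResource findings in log order."""
    findings: List[Dict[str, object]] = []
    for line in text.splitlines():
        lm = LOG_RE.match(line)
        if lm is None:
            continue
        finding = inspect_path(lm["path"])
        if finding is not None:
            finding.update(client=lm["client"], status=int(lm["status"]), timestamp=lm["ts"])
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        flag = "AFFECTED" if f["affected"] else "out of range"
        ver = ".".join(str(n) for n in f["version"])
        print(f"{f['timestamp']} {f['client']} RichFaces {ver} {flag}: {f['path']}")
```

The version bound follows the vendor table of this record (>= 3.1.0 <= 3.3.4); the descriptions say "3.X through 3.3.4", so lower AFFECTED_MIN if you want every 3.x build reported. A request that matches is worth investigating on any version, since the version token in the path is client-supplied and says nothing about what the server actually runs.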
Timeline
- 2018-07-27 CVE Reserved
- 2018-11-06 CVE Published
- 2018-11-23 First Exploit
- 2023-09-28 Added to CISA KEV (exploited in the wild)
- 2023-10-19 KEV Due Date
- 2024-08-05 CVE Updated
- 2024-11-21 EPSS Updated
CWE
- CWE-94: Improper Control of Generation of Code ('Code Injection')
References (14)
Third-party advisories
URL | Tag
---|---
http://packetstormsecurity.com/files/156663/Richsploit-RichFaces-Exploitation-Toolkit.html | Third Party Advisory
http://seclists.org/fulldisclosure/2020/Mar/21 | Mailing List
http://www.securitytracker.com/id/1042037 | Third Party Advisory

Public exploits
URL | Date
---|---
https://github.com/syriusbughunt/CVE-2018-14667 | 2018-11-30
https://github.com/Venscor/CVE-2018-14667-poc | 2019-09-24
https://github.com/zeroto01/CVE-2018-14667 | 2018-11-23
https://github.com/r00t4dm/CVE-2018-14667 | 2018-11-29

Vendor advisories and bug tracker
URL | Date
---|---
https://access.redhat.com/errata/RHSA-2018:3517 | 2020-08-28
https://access.redhat.com/errata/RHSA-2018:3518 | 2020-08-28
https://access.redhat.com/errata/RHSA-2018:3519 | 2020-08-28
https://access.redhat.com/errata/RHSA-2018:3581 | 2020-08-28
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14667 | 2020-08-28
https://access.redhat.com/security/cve/CVE-2018-14667 | 2018-11-13
https://bugzilla.redhat.com/show_bug.cgi?id=1639139 | 2018-11-13
Affected Vendors, Products, and Versions
Vendor | Product | Version | Status
---|---|---|---
Redhat | Richfaces | >= 3.1.0 <= 3.3.4 | Affected
Redhat | Enterprise Linux | 5.0 | Affected
Redhat | Enterprise Linux | 6.0 | Affected