CVE-2013-2165
Summary
| CVE | CVE-2013-2165 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2013-07-23 11:03:00 UTC |
| Updated | 2023-02-13 00:28:00 UTC |
| Description | ResourceBuilderImpl.java in the RichFaces 3.x through 5.x implementation in Red Hat JBoss Web Framework Kit before 2.3.0, Red Hat JBoss Web Platform through 5.2.0, Red Hat JBoss Enterprise Application Platform through 4.3.0 CP10 and 5.x through 5.2.0, Red Hat JBoss BRMS through 5.3.1, Red Hat JBoss SOA Platform through 4.3.0 CP05 and 5.x through 5.3.1, Red Hat JBoss Portal through 4.3 CP07 and 5.x through 5.2.2, and Red Hat JBoss Operations Network through 2.4.2 and 3.x through 3.1.2 does not restrict the classes for which deserialization methods can be called, which allows remote attackers to execute arbitrary code via crafted serialized data. |
Risk And Classification
Problem Types: CWE-264
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Redhat | Jboss Enterprise Application Platform | 4.3.0 | All | All | All |
| Application | Redhat | Jboss Enterprise Application Platform | 4.3.0 | cp10 | All | All |
| Application | Redhat | Jboss Enterprise Application Platform | 5.0.0 | All | All | All |
| Application | Redhat | Jboss Enterprise Application Platform | 5.0.1 | All | All | All |
| Application | Redhat | Jboss Enterprise Application Platform | 5.1.0 | All | All | All |
| Application | Redhat | Jboss Enterprise Application Platform | 5.1.1 | All | All | All |
| Application | Redhat | Jboss Enterprise Application Platform | 5.1.2 | All | All | All |
| Application | Redhat | Jboss Enterprise Application Platform | 5.2.0 | All | All | All |
| Application | Redhat | Jboss Enterprise Brms Platform | 5.0.0 | All | All | All |
| Application | Redhat | Jboss Enterprise Brms Platform | 5.0.1 | All | All | All |
| Application | Redhat | Jboss Enterprise Brms Platform | 5.0.2 | All | All | All |
| Application | Redhat | Jboss Enterprise Brms Platform | 5.1.0 | All | All | All |
| Application | Redhat | Jboss Enterprise Brms Platform | 5.2.0 | All | All | All |
| Application | Redhat | Jboss Enterprise Brms Platform | 5.3.0 | All | All | All |
| Application | Redhat | Jboss Enterprise Brms Platform | 5.3.1 | All | All | All |
| Application | Redhat | Jboss Enterprise Portal Platform | 4.3.0 | cp03 | All | All |
| Application | Redhat | Jboss Enterprise Portal Platform | 4.3.0 | cp04 | All | All |
| Application | Redhat | Jboss Enterprise Portal Platform | 4.3.0 | cp05 | All | All |
| Application | Redhat | Jboss Enterprise Portal Platform | 4.3.0 | cp06 | All | All |
| Application | Redhat | Jboss Enterprise Portal Platform | 4.3.0 | cp07 | All | All |
| Application | Redhat | Jboss Enterprise Portal Platform | 5.0.0 | All | All | All |
| Application | Redhat | Jboss Enterprise Portal Platform | 5.0.1 | All | All | All |
| Application | Redhat | Jboss Enterprise Portal Platform | 5.1.0 | All | All | All |
| Application | Redhat | Jboss Enterprise Portal Platform | 5.1.1 | All | All | All |
| Application | Redhat | Jboss Enterprise Portal Platform | 5.2.0 | All | All | All |
| Application | Redhat | Jboss Enterprise Portal Platform | 5.2.1 | All | All | All |
| Application | Redhat | Jboss Enterprise Portal Platform | 5.2.2 | All | All | All |
| Application | Redhat | Jboss Enterprise Soa Platform | 4.2.0 | All | All | All |
| Application | Redhat | Jboss Enterprise Soa Platform | 4.2.0 | cp01 | All | All |
| Application | Redhat | Jboss Enterprise Soa Platform | 4.2.0 | cp02 | All | All |
| Application | Redhat | Jboss Enterprise Soa Platform | 4.2.0 | cp03 | All | All |
| Application | Redhat | Jboss Enterprise Soa Platform | 4.2.0 | cp04 | All | All |
| Application | Redhat | Jboss Enterprise Soa Platform | 4.2.0 | cp05 | All | All |
| Application | Redhat | Jboss Enterprise Soa Platform | 4.2.0 | tp02 | All | All |
| Application | Redhat | Jboss Enterprise Soa Platform | 4.3.0 | All | All | All |
| Application | Redhat | Jboss Enterprise Soa Platform | 4.3.0 | cp01 | All | All |
| Application | Redhat | Jboss Enterprise Soa Platform | 4.3.0 | cp02 | All | All |
| Application | Redhat | Jboss Enterprise Soa Platform | 4.3.0 | cp03 | All | All |
| Application | Redhat | Jboss Enterprise Soa Platform | 4.3.0 | cp04 | All | All |
| Application | Redhat | Jboss Enterprise Soa Platform | 4.3.0 | cp05 | All | All |
| Application | Redhat | Jboss Enterprise Soa Platform | 5.0.0 | All | All | All |
| Application | Redhat | Jboss Enterprise Soa Platform | 5.0.1 | All | All | All |
| Application | Redhat | Jboss Enterprise Soa Platform | 5.0.2 | All | All | All |
| Application | Redhat | Jboss Enterprise Soa Platform | 5.1.0 | All | All | All |
| Application | Redhat | Jboss Enterprise Soa Platform | 5.1.1 | All | All | All |
| Application | Redhat | Jboss Enterprise Soa Platform | 5.2.0 | All | All | All |
| Application | Redhat | Jboss Enterprise Soa Platform | 5.3.0 | All | All | All |
| Application | Redhat | Jboss Enterprise Soa Platform | 5.3.1 | All | All | All |
| Application | Redhat | Jboss Enterprise Web Platform | 5.1.0 | All | All | All |
| Application | Redhat | Jboss Enterprise Web Platform | 5.1.1 | All | All | All |
| Application | Redhat | Jboss Enterprise Web Platform | 5.1.2 | All | All | All |
| Application | Redhat | Jboss Enterprise Web Platform | 5.2.0 | All | All | All |
| Application | Redhat | Jboss Operations Network | 1.0.0 | All | All | All |
| Application | Redhat | Jboss Operations Network | 2.0.0 | All | All | All |
| Application | Redhat | Jboss Operations Network | 2.0.1 | All | All | All |
| Application | Redhat | Jboss Operations Network | 2.1.0 | All | All | All |
| Application | Redhat | Jboss Operations Network | 2.2 | All | All | All |
| Application | Redhat | Jboss Operations Network | 2.3 | All | All | All |
| Application | Redhat | Jboss Operations Network | 2.3.1 | All | All | All |
| Application | Redhat | Jboss Operations Network | 2.4 | All | All | All |
| Application | Redhat | Jboss Operations Network | 2.4.1 | All | All | All |
| Application | Redhat | Jboss Operations Network | 2.4.2 | All | All | All |
| Application | Redhat | Jboss Operations Network | 3.0 | All | All | All |
| Application | Redhat | Jboss Operations Network | 3.0.1 | All | All | All |
| Application | Redhat | Jboss Operations Network | 3.1 | All | All | All |
| Application | Redhat | Jboss Operations Network | 3.1.1 | All | All | All |
| Application | Redhat | Jboss Operations Network | 3.1.2 | All | All | All |
| Application | Redhat | Jboss Web Framework Kit | 1.0.0 | All | All | All |
| Application | Redhat | Jboss Web Framework Kit | 1.1.0 | All | All | All |
| Application | Redhat | Jboss Web Framework Kit | 1.2.0 | All | All | All |
| Application | Redhat | Jboss Web Framework Kit | 2.0.0 | All | All | All |
| Application | Redhat | Jboss Web Framework Kit | 2.1.0 | All | All | All |
| Application | Redhat | Jboss Web Framework Kit | All | All | All | All |
| Application | Redhat | Richfaces | 3.1.0 | All | All | All |
| Application | Redhat | Richfaces | 3.1.1 | All | All | All |
| Application | Redhat | Richfaces | 3.1.2 | All | All | All |
| Application | Redhat | Richfaces | 3.1.3 | All | All | All |
| Application | Redhat | Richfaces | 3.1.4 | All | All | All |
| Application | Redhat | Richfaces | 3.1.5 | All | All | All |
| Application | Redhat | Richfaces | 3.1.6 | All | All | All |
| Application | Redhat | Richfaces | 3.2.0 | All | All | All |
| Application | Redhat | Richfaces | 3.2.0 | sr1 | All | All |
| Application | Redhat | Richfaces | 3.2.1 | All | All | All |
| Application | Redhat | Richfaces | 3.2.2 | All | All | All |
| Application | Redhat | Richfaces | 3.3.0 | All | All | All |
| Application | Redhat | Richfaces | 3.3.1 | All | All | All |
| Application | Redhat | Richfaces | 3.3.2 | All | All | All |
| Application | Redhat | Richfaces | 3.3.2 | sr1 | All | All |
| Application | Redhat | Richfaces | 3.3.3 | All | All | All |
| Application | Redhat | Richfaces | 4.0.0 | All | All | All |
| Application | Redhat | Richfaces | 4.1.0 | All | All | All |
| Application | Redhat | Richfaces | 4.2.0 | All | All | All |
| Application | Redhat | Richfaces | 4.2.1 | All | All | All |
| Application | Redhat | Richfaces | 4.2.2 | All | All | All |
| Application | Redhat | Richfaces | 4.2.3 | All | All | All |
| Application | Redhat | Richfaces | 4.3.0 | All | All | All |
| Application | Redhat | Richfaces | 4.3.1 | All | All | All |
| Application | Redhat | Richfaces | 4.5.0 | alpha1 | All | All |
| Application | Redhat | Richfaces | 5.0.0 | alpha1 | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Red Hat Customer Portal | MISC | access.redhat.com | |
| Richsploit RichFaces Exploitation Toolkit ≈ Packet Storm | MISC | packetstormsecurity.com | |
| JVN#38787103: JBoss RichFaces vulnerable to remote code execution | JVN | jvn.jp | Third Party Advisory, VDB Entry |
| Red Hat Customer Portal | MISC | access.redhat.com | |
| Full Disclosure: RichFaces exploitation toolkit | FULLDISC | seclists.org | |
| JVNDB-2013-000072 | JVNDB | jvndb.jvn.jp | Third Party Advisory, VDB Entry |
| Red Hat Customer Portal - Access to 24x7 support and knowledge | MISC | access.redhat.com | |
| Red Hat Customer Portal - Access to 24x7 support and knowledge | MISC | access.redhat.com | |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | Vendor Advisory |
| RHSA-2013:1045 | REDHAT | rhn.redhat.com | Vendor Advisory |
| Red Hat Customer Portal - Access to 24x7 support and knowledge | MISC | access.redhat.com | |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | Vendor Advisory |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | Vendor Advisory |
| 973570 – (CVE-2013-2165) CVE-2013-2165 JBoss RichFaces: Remote code execution due to insecure deserialization | CONFIRM | bugzilla.redhat.com | Issue Tracking, Vendor Advisory |
| access.redhat.com \| CVE-2013-2165 | CONFIRM | access.redhat.com | Vendor Advisory |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.