Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2013-2165

Published: Jul 23, 2013 | Modified: Feb 13, 2023
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2013-2165
CWEhttps://cwe.mitre.org/data/definitions/264.html

ResourceBuilderImpl.java in the RichFaces 3.x through 5.x implementation in Red Hat JBoss Web Framework Kit before 2.3.0, Red Hat JBoss Web Platform through 5.2.0, Red Hat JBoss Enterprise Application Platform through 4.3.0 CP10 and 5.x through 5.2.0, Red Hat JBoss BRMS through 5.3.1, Red Hat JBoss SOA Platform through 4.3.0 CP05 and 5.x through 5.3.1, Red Hat JBoss Portal through 4.3 CP07 and 5.x through 5.2.2, and Red Hat JBoss Operations Network through 2.4.2 and 3.x through 3.1.2 does not restrict the classes for which deserialization methods can be called, which allows remote attackers to execute arbitrary code via crafted serialized data.

Affected Software

Name Vendor Start Version End Version
Jboss_enterprise_application_platform Redhat 4.3.0 (including) 4.3.0 (including)
Jboss_enterprise_application_platform Redhat 4.3.0-cp10 (including) 4.3.0-cp10 (including)
Jboss_enterprise_application_platform Redhat 5.0.0 (including) 5.0.0 (including)
Jboss_enterprise_application_platform Redhat 5.0.1 (including) 5.0.1 (including)
Jboss_enterprise_application_platform Redhat 5.1.0 (including) 5.1.0 (including)
Jboss_enterprise_application_platform Redhat 5.1.1 (including) 5.1.1 (including)
Jboss_enterprise_application_platform Redhat 5.1.2 (including) 5.1.2 (including)
Jboss_enterprise_application_platform Redhat 5.2.0 (including) 5.2.0 (including)
Jboss_enterprise_brms_platform Redhat 5.0.0 (including) 5.0.0 (including)
Jboss_enterprise_brms_platform Redhat 5.0.1 (including) 5.0.1 (including)
Jboss_enterprise_brms_platform Redhat 5.0.2 (including) 5.0.2 (including)
Jboss_enterprise_brms_platform Redhat 5.1.0 (including) 5.1.0 (including)
Jboss_enterprise_brms_platform Redhat 5.2.0 (including) 5.2.0 (including)
Jboss_enterprise_brms_platform Redhat 5.3.0 (including) 5.3.0 (including)
Jboss_enterprise_brms_platform Redhat 5.3.1 (including) 5.3.1 (including)
Jboss_enterprise_portal_platform Redhat 4.3.0-cp03 (including) 4.3.0-cp03 (including)
Jboss_enterprise_portal_platform Redhat 4.3.0-cp04 (including) 4.3.0-cp04 (including)
Jboss_enterprise_portal_platform Redhat 4.3.0-cp05 (including) 4.3.0-cp05 (including)
Jboss_enterprise_portal_platform Redhat 4.3.0-cp06 (including) 4.3.0-cp06 (including)
Jboss_enterprise_portal_platform Redhat 4.3.0-cp07 (including) 4.3.0-cp07 (including)
Jboss_enterprise_portal_platform Redhat 5.0.0 (including) 5.0.0 (including)
Jboss_enterprise_portal_platform Redhat 5.0.1 (including) 5.0.1 (including)
Jboss_enterprise_portal_platform Redhat 5.1.0 (including) 5.1.0 (including)
Jboss_enterprise_portal_platform Redhat 5.1.1 (including) 5.1.1 (including)
Jboss_enterprise_portal_platform Redhat 5.2.0 (including) 5.2.0 (including)
Jboss_enterprise_portal_platform Redhat 5.2.1 (including) 5.2.1 (including)
Jboss_enterprise_portal_platform Redhat 5.2.2 (including) 5.2.2 (including)
Jboss_enterprise_soa_platform Redhat 4.2.0 (including) 4.2.0 (including)
Jboss_enterprise_soa_platform Redhat 4.2.0-cp01 (including) 4.2.0-cp01 (including)
Jboss_enterprise_soa_platform Redhat 4.2.0-cp02 (including) 4.2.0-cp02 (including)
Jboss_enterprise_soa_platform Redhat 4.2.0-cp03 (including) 4.2.0-cp03 (including)
Jboss_enterprise_soa_platform Redhat 4.2.0-cp04 (including) 4.2.0-cp04 (including)
Jboss_enterprise_soa_platform Redhat 4.2.0-cp05 (including) 4.2.0-cp05 (including)
Jboss_enterprise_soa_platform Redhat 4.2.0-tp02 (including) 4.2.0-tp02 (including)
Jboss_enterprise_soa_platform Redhat 4.3.0 (including) 4.3.0 (including)
Jboss_enterprise_soa_platform Redhat 4.3.0-cp01 (including) 4.3.0-cp01 (including)
Jboss_enterprise_soa_platform Redhat 4.3.0-cp02 (including) 4.3.0-cp02 (including)
Jboss_enterprise_soa_platform Redhat 4.3.0-cp03 (including) 4.3.0-cp03 (including)
Jboss_enterprise_soa_platform Redhat 4.3.0-cp04 (including) 4.3.0-cp04 (including)
Jboss_enterprise_soa_platform Redhat 4.3.0-cp05 (including) 4.3.0-cp05 (including)
Jboss_enterprise_soa_platform Redhat 5.0.0 (including) 5.0.0 (including)
Jboss_enterprise_soa_platform Redhat 5.0.1 (including) 5.0.1 (including)
Jboss_enterprise_soa_platform Redhat 5.0.2 (including) 5.0.2 (including)
Jboss_enterprise_soa_platform Redhat 5.1.0 (including) 5.1.0 (including)
Jboss_enterprise_soa_platform Redhat 5.1.1 (including) 5.1.1 (including)
Jboss_enterprise_soa_platform Redhat 5.2.0 (including) 5.2.0 (including)
Jboss_enterprise_soa_platform Redhat 5.3.0 (including) 5.3.0 (including)
Jboss_enterprise_soa_platform Redhat 5.3.1 (including) 5.3.1 (including)
Jboss_enterprise_web_platform Redhat 5.1.0 (including) 5.1.0 (including)
Jboss_enterprise_web_platform Redhat 5.1.1 (including) 5.1.1 (including)
Jboss_enterprise_web_platform Redhat 5.1.2 (including) 5.1.2 (including)
Jboss_enterprise_web_platform Redhat 5.2.0 (including) 5.2.0 (including)
Jboss_operations_network Redhat 1.0.0 (including) 1.0.0 (including)
Jboss_operations_network Redhat 2.0.0 (including) 2.0.0 (including)
Jboss_operations_network Redhat 2.0.1 (including) 2.0.1 (including)
Jboss_operations_network Redhat 2.1.0 (including) 2.1.0 (including)
Jboss_operations_network Redhat 2.2 (including) 2.2 (including)
Jboss_operations_network Redhat 2.3 (including) 2.3 (including)
Jboss_operations_network Redhat 2.3.1 (including) 2.3.1 (including)
Jboss_operations_network Redhat 2.4 (including) 2.4 (including)
Jboss_operations_network Redhat 2.4.1 (including) 2.4.1 (including)
Jboss_operations_network Redhat 2.4.2 (including) 2.4.2 (including)
Jboss_operations_network Redhat 3.0 (including) 3.0 (including)
Jboss_operations_network Redhat 3.0.1 (including) 3.0.1 (including)
Jboss_operations_network Redhat 3.1 (including) 3.1 (including)
Jboss_operations_network Redhat 3.1.1 (including) 3.1.1 (including)
Jboss_operations_network Redhat 3.1.2 (including) 3.1.2 (including)
Jboss_web_framework_kit Redhat * 2.2.0 (including)
Jboss_web_framework_kit Redhat 1.0.0 (including) 1.0.0 (including)
Jboss_web_framework_kit Redhat 1.1.0 (including) 1.1.0 (including)
Jboss_web_framework_kit Redhat 1.2.0 (including) 1.2.0 (including)
Jboss_web_framework_kit Redhat 2.0.0 (including) 2.0.0 (including)
Jboss_web_framework_kit Redhat 2.1.0 (including) 2.1.0 (including)
Richfaces Redhat 3.1.0 (including) 3.1.0 (including)
Richfaces Redhat 3.1.1 (including) 3.1.1 (including)
Richfaces Redhat 3.1.2 (including) 3.1.2 (including)
Richfaces Redhat 3.1.3 (including) 3.1.3 (including)
Richfaces Redhat 3.1.4 (including) 3.1.4 (including)
Richfaces Redhat 3.1.5 (including) 3.1.5 (including)
Richfaces Redhat 3.1.6 (including) 3.1.6 (including)
Richfaces Redhat 3.2.0 (including) 3.2.0 (including)
Richfaces Redhat 3.2.0-sr1 (including) 3.2.0-sr1 (including)
Richfaces Redhat 3.2.1 (including) 3.2.1 (including)
Richfaces Redhat 3.2.2 (including) 3.2.2 (including)
Richfaces Redhat 3.3.0 (including) 3.3.0 (including)
Richfaces Redhat 3.3.1 (including) 3.3.1 (including)
Richfaces Redhat 3.3.2 (including) 3.3.2 (including)
Richfaces Redhat 3.3.2-sr1 (including) 3.3.2-sr1 (including)
Richfaces Redhat 3.3.3 (including) 3.3.3 (including)
Richfaces Redhat 4.0.0 (including) 4.0.0 (including)
Richfaces Redhat 4.1.0 (including) 4.1.0 (including)
Richfaces Redhat 4.2.0 (including) 4.2.0 (including)
Richfaces Redhat 4.2.1 (including) 4.2.1 (including)
Richfaces Redhat 4.2.2 (including) 4.2.2 (including)
Richfaces Redhat 4.2.3 (including) 4.2.3 (including)
Richfaces Redhat 4.3.0 (including) 4.3.0 (including)
Richfaces Redhat 4.3.1 (including) 4.3.1 (including)
Richfaces Redhat 4.5.0-alpha1 (including) 4.5.0-alpha1 (including)
Richfaces Redhat 5.0.0-alpha1 (including) 5.0.0-alpha1 (including)

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use