The RichFaces implementation in Nuxeo Platform 5.6.0 before HF27 and 5.8.0 before HF-01 does not restrict the classes for which deserialization methods can be called, which allows remote attackers to execute arbitrary code via crafted serialized data. NOTE: this vulnerability may overlap CVE-2013-2165.

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

Name | Vendor | Start Version | End Version |
---|---|---|---|
Nuxeo | Nuxeo | 5.6.0 (including) | 5.6.0 (including) |
Nuxeo | Nuxeo | 5.6.0-hotfix01 (including) | 5.6.0-hotfix01 (including) |
Nuxeo | Nuxeo | 5.6.0-hotfix02 (including) | 5.6.0-hotfix02 (including) |
Nuxeo | Nuxeo | 5.6.0-hotfix03 (including) | 5.6.0-hotfix03 (including) |
Nuxeo | Nuxeo | 5.6.0-hotfix04 (including) | 5.6.0-hotfix04 (including) |
Nuxeo | Nuxeo | 5.6.0-hotfix05 (including) | 5.6.0-hotfix05 (including) |
Nuxeo | Nuxeo | 5.6.0-hotfix06 (including) | 5.6.0-hotfix06 (including) |
Nuxeo | Nuxeo | 5.6.0-hotfix07 (including) | 5.6.0-hotfix07 (including) |
Nuxeo | Nuxeo | 5.6.0-hotfix08 (including) | 5.6.0-hotfix08 (including) |
Nuxeo | Nuxeo | 5.6.0-hotfix09 (including) | 5.6.0-hotfix09 (including) |
Nuxeo | Nuxeo | 5.6.0-hotfix10 (including) | 5.6.0-hotfix10 (including) |
Nuxeo | Nuxeo | 5.6.0-hotfix11 (including) | 5.6.0-hotfix11 (including) |
Nuxeo | Nuxeo | 5.6.0-hotfix12 (including) | 5.6.0-hotfix12 (including) |
Nuxeo | Nuxeo | 5.6.0-hotfix13 (including) | 5.6.0-hotfix13 (including) |
Nuxeo | Nuxeo | 5.6.0-hotfix14 (including) | 5.6.0-hotfix14 (including) |
Nuxeo | Nuxeo | 5.6.0-hotfix15 (including) | 5.6.0-hotfix15 (including) |
Nuxeo | Nuxeo | 5.6.0-hotfix16 (including) | 5.6.0-hotfix16 (including) |
Nuxeo | Nuxeo | 5.6.0-hotfix17 (including) | 5.6.0-hotfix17 (including) |
Nuxeo | Nuxeo | 5.6.0-hotfix18 (including) | 5.6.0-hotfix18 (including) |
Nuxeo | Nuxeo | 5.6.0-hotfix19 (including) | 5.6.0-hotfix19 (including) |
Nuxeo | Nuxeo | 5.6.0-hotfix20 (including) | 5.6.0-hotfix20 (including) |
Nuxeo | Nuxeo | 5.6.0-hotfix21 (including) | 5.6.0-hotfix21 (including) |
Nuxeo | Nuxeo | 5.6.0-hotfix22 (including) | 5.6.0-hotfix22 (including) |
Nuxeo | Nuxeo | 5.6.0-hotfix23 (including) | 5.6.0-hotfix23 (including) |
Nuxeo | Nuxeo | 5.6.0-hotfix24 (including) | 5.6.0-hotfix24 (including) |
Nuxeo | Nuxeo | 5.6.0-hotfix25 (including) | 5.6.0-hotfix25 (including) |
Nuxeo | Nuxeo | 5.6.0-hotfix26 (including) | 5.6.0-hotfix26 (including) |
Nuxeo | Nuxeo | 5.8.0 (including) | 5.8.0 (including) |