CVE-2013-4521

Description

RichFaces implementation in Nuxeo Platform 5.6.0 before HF27 and 5.8.0 before HF-01 does not restrict the classes for which deserialization methods can be called, which allows remote attackers to execute arbitrary code via crafted serialized data. NOTE: this vulnerability may overlap CVE-2013-2165.

| Software | From | Fixed in |
| --- | --- | --- |
| nuxeo / nuxeo | 5.6.0 | 5.6.0.x |
| nuxeo / nuxeo | 5.6.0-hotfix01 | 5.6.0-hotfix01.x |
| nuxeo / nuxeo | 5.6.0-hotfix02 | 5.6.0-hotfix02.x |
| nuxeo / nuxeo | 5.6.0-hotfix03 | 5.6.0-hotfix03.x |
| nuxeo / nuxeo | 5.6.0-hotfix04 | 5.6.0-hotfix04.x |
| nuxeo / nuxeo | 5.6.0-hotfix05 | 5.6.0-hotfix05.x |
| nuxeo / nuxeo | 5.6.0-hotfix06 | 5.6.0-hotfix06.x |
| nuxeo / nuxeo | 5.6.0-hotfix07 | 5.6.0-hotfix07.x |
| nuxeo / nuxeo | 5.6.0-hotfix08 | 5.6.0-hotfix08.x |
| nuxeo / nuxeo | 5.6.0-hotfix09 | 5.6.0-hotfix09.x |
| nuxeo / nuxeo | 5.6.0-hotfix10 | 5.6.0-hotfix10.x |
| nuxeo / nuxeo | 5.6.0-hotfix11 | 5.6.0-hotfix11.x |
| nuxeo / nuxeo | 5.6.0-hotfix12 | 5.6.0-hotfix12.x |
| nuxeo / nuxeo | 5.6.0-hotfix13 | 5.6.0-hotfix13.x |
| nuxeo / nuxeo | 5.6.0-hotfix14 | 5.6.0-hotfix14.x |
| nuxeo / nuxeo | 5.6.0-hotfix15 | 5.6.0-hotfix15.x |
| nuxeo / nuxeo | 5.6.0-hotfix16 | 5.6.0-hotfix16.x |
| nuxeo / nuxeo | 5.6.0-hotfix17 | 5.6.0-hotfix17.x |
| nuxeo / nuxeo | 5.6.0-hotfix18 | 5.6.0-hotfix18.x |
| nuxeo / nuxeo | 5.6.0-hotfix19 | 5.6.0-hotfix19.x |
| nuxeo / nuxeo | 5.6.0-hotfix20 | 5.6.0-hotfix20.x |
| nuxeo / nuxeo | 5.6.0-hotfix21 | 5.6.0-hotfix21.x |
| nuxeo / nuxeo | 5.6.0-hotfix22 | 5.6.0-hotfix22.x |
| nuxeo / nuxeo | 5.6.0-hotfix23 | 5.6.0-hotfix23.x |
| nuxeo / nuxeo | 5.6.0-hotfix24 | 5.6.0-hotfix24.x |
| nuxeo / nuxeo | 5.6.0-hotfix25 | 5.6.0-hotfix25.x |
| nuxeo / nuxeo | 5.6.0-hotfix26 | 5.6.0-hotfix26.x |
| nuxeo / nuxeo | 5.8.0 | 5.8.0.x |