CVE-2018-12533

JBoss RichFaces 3.1.0 through 3.3.4 allows unauthenticated remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via a /DATA/ substring in a path with an org.richfaces.renderkit.html.Paint2DResource$ImageData object, aka RF-14310.

Published: Jun 18, 2018
Updated: May 9, 2024
CVE: CVE-2018-12533
GHSA: GHSA-4j38-wjhf-884r
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-917

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
redhat / richfaces	3.1.0	3.3.4.x
org.richfaces / richfaces-core	3.1.0	3.3.4.x

http://seclists.org/fulldisclosure/2020/Mar/21
http://www.securityfocus.com/bid/104502
http://www.securitytracker.com/id/1041617
https://access.redhat.com/errata/RHSA-2018:2663
https://access.redhat.com/errata/RHSA-2018:2664
https://access.redhat.com/errata/RHSA-2018:2930
https://codewhitesec.blogspot.com/2018/05/poor-richfaces.html

Vulnerability Database

289,697

CVE-2018-12533