CVE-2013-2165
EPSS 24.1%Remote code execution due to insecure deserialization
Published: 5/13/2022Modified: 11/8/2023
Description
A flaw was found in the way JBoss RichFaces handled deserialization. A remote attacker could use this flaw to trigger the execution of the deserialization methods in any serializable class deployed on the server. This could lead to a variety of security impacts depending on the deserialization logic of these classes.
Affected packages (1)
- Maven/org.richfaces:richfaces>= 3.1.0, < 3.3.3
References (7)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2013-2165
- WEBhttp://jvndb.jvn.jp/jvndb/JVNDB-2013-000072
- WEBhttp://jvn.jp/en/jp/JVN38787103/index.html
- WEBhttp://packetstormsecurity.com/files/156663/Richsploit-RichFaces-Exploitation-Toolkit.html
- WEBhttps://access.redhat.com/security/cve/CVE-2013-2165
- WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=973570
- WEBhttp://seclists.org/fulldisclosure/2020/Mar/21