CVE-2015-0279

Current Description

JBoss RichFaces before 4.5.4 allows remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via the do parameter.

Basic Data

Published: March 26, 2015
Last Modified: July 23, 2019
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-94
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: MEDIUM
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 6.8
Severity: MEDIUM
Exploitability Score: 8.6
Impact Score: 6.4
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    CPE Version: 2.3
    Part: Application
    Vendor: Redhat
    Product: Richfaces
    Version: *
    Update: *
    Edition: *
    Language: *
    SW Edition: *
    Target SW: *
    Target HW: *
    Other: *
    Version Start Including: 4.0.0
    Version End Including: (none)
    Version Start Excluding: (none)
    Version End Excluding: 4.5.4

Vulnerable Software List

Vendor    Product    Versions
Redhat    Richfaces  *

References

Name: JVN#56297719
Source: JVN
URL: http://jvn.jp/en/jp/JVN56297719/index.html
Tags: Third Party Advisory, VDB Entry

Name: JVNDB-2015-001959
Source: JVNDB
URL: http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-001959.html
Tags: Third Party Advisory, VDB Entry

Name: http://packetstormsecurity.com/files/153734/Tufin-Secure-Change-Remote-Code-Execution.html
Source: MISC
URL: http://packetstormsecurity.com/files/153734/Tufin-Secure-Change-Remote-Code-Execution.html
Tags: (none)

Name: http://packetstormsecurity.com/files/156663/Richsploit-RichFaces-Exploitation-Toolkit.html
Source: MISC
URL: http://packetstormsecurity.com/files/156663/Richsploit-RichFaces-Exploitation-Toolkit.html
Tags: (none)

Name: RHSA-2015:0719
Source: REDHAT
URL: http://rhn.redhat.com/errata/RHSA-2015-0719.html
Tags: Broken Link, Vendor Advisory

Name: 20190723 Tufin SecureChange uses Richfaces 4.3.5, vulnerable to CVE-2015-0279 (unauthenticated RCE)
Source: FULLDISC
URL: http://seclists.org/fulldisclosure/2019/Jul/21
Tags: (none)

Name: 20200313 RichFaces exploitation toolkit
Source: FULLDISC
URL: http://seclists.org/fulldisclosure/2020/Mar/21
Tags: (none)

Name: https://bugzilla.redhat.com/show_bug.cgi?id=1192140
Source: CONFIRM
URL: https://bugzilla.redhat.com/show_bug.cgi?id=1192140
Tags: Issue Tracking, Vendor Advisory