CVE-2013-2165

Published: Jul 23, 2013Modified: Apr 29, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

ResourceBuilderImpl.java in the RichFaces 3.x through 5.x implementation in Red Hat JBoss Web Framework Kit before 2.3.0, Red Hat JBoss Web Platform through 5.2.0, Red Hat JBoss Enterprise Application Platform through 4.3.0 CP10 and 5.x through 5.2.0, Red Hat JBoss BRMS through 5.3.1, Red Hat JBoss SOA Platform through 4.3.0 CP05 and 5.x through 5.3.1, Red Hat JBoss Portal through 4.3 CP07 and 5.x through 5.2.2, and Red Hat JBoss Operations Network through 2.4.2 and 3.x through 3.1.2 does not restrict the classes for which deserialization methods can be called, which allows remote attackers to execute arbitrary code via crafted serialized data.

Affected (99)

Products: Redhat: Jboss Enterprise Application Platform, Jboss Enterprise Brms Platform, Jboss Enterprise Portal Platform, Jboss Enterprise Soa Platform, Jboss Enterprise Web Platform, Jboss Operations Network, Jboss Web Framework Kit, Richfaces

Redhat

8 products

Jboss Enterprise Application Platform

Jboss Enterprise Brms Platform

Jboss Enterprise Portal Platform

Jboss Enterprise Soa Platform

Jboss Enterprise Web Platform

Jboss Operations Network

Jboss Web Framework Kit

Richfaces

Configuration A

99 vulnerable

Vulnerable Software	Affected Versions
Redhat Jboss Enterprise Application Platform	Version 4.3.0
Redhat Jboss Enterprise Application Platform	Version 4.3.0 cp10
Redhat Jboss Enterprise Application Platform	Version 5.0.0
Redhat Jboss Enterprise Application Platform	Version 5.0.1
Redhat Jboss Enterprise Application Platform	Version 5.1.0
Redhat Jboss Enterprise Application Platform	Version 5.1.1
Redhat Jboss Enterprise Application Platform	Version 5.1.2
Redhat Jboss Enterprise Application Platform	Version 5.2.0
Redhat Jboss Enterprise Brms Platform	Version 5.0.0
Redhat Jboss Enterprise Brms Platform	Version 5.0.1
Redhat Jboss Enterprise Brms Platform	Version 5.0.2
Redhat Jboss Enterprise Brms Platform	Version 5.1.0
Redhat Jboss Enterprise Brms Platform	Version 5.2.0
Redhat Jboss Enterprise Brms Platform	Version 5.3.0
Redhat Jboss Enterprise Brms Platform	Version 5.3.1
Redhat Jboss Enterprise Portal Platform	Version 4.3.0 cp03
Redhat Jboss Enterprise Portal Platform	Version 4.3.0 cp04
Redhat Jboss Enterprise Portal Platform	Version 4.3.0 cp05
Redhat Jboss Enterprise Portal Platform	Version 4.3.0 cp06
Redhat Jboss Enterprise Portal Platform	Version 4.3.0 cp07
Redhat Jboss Enterprise Portal Platform	Version 5.0.0
Redhat Jboss Enterprise Portal Platform	Version 5.0.1
Redhat Jboss Enterprise Portal Platform	Version 5.1.0
Redhat Jboss Enterprise Portal Platform	Version 5.1.1
Redhat Jboss Enterprise Portal Platform	Version 5.2.0
Redhat Jboss Enterprise Portal Platform	Version 5.2.1
Redhat Jboss Enterprise Portal Platform	Version 5.2.2
Redhat Jboss Enterprise Soa Platform	Version 4.2.0
Redhat Jboss Enterprise Soa Platform	Version 4.2.0 cp01
Redhat Jboss Enterprise Soa Platform	Version 4.2.0 cp02
Redhat Jboss Enterprise Soa Platform	Version 4.2.0 cp03
Redhat Jboss Enterprise Soa Platform	Version 4.2.0 cp04
Redhat Jboss Enterprise Soa Platform	Version 4.2.0 cp05
Redhat Jboss Enterprise Soa Platform	Version 4.2.0 tp02
Redhat Jboss Enterprise Soa Platform	Version 4.3.0
Redhat Jboss Enterprise Soa Platform	Version 4.3.0 cp01
Redhat Jboss Enterprise Soa Platform	Version 4.3.0 cp02
Redhat Jboss Enterprise Soa Platform	Version 4.3.0 cp03
Redhat Jboss Enterprise Soa Platform	Version 4.3.0 cp04
Redhat Jboss Enterprise Soa Platform	Version 4.3.0 cp05
Redhat Jboss Enterprise Soa Platform	Version 5.0.0
Redhat Jboss Enterprise Soa Platform	Version 5.0.1
Redhat Jboss Enterprise Soa Platform	Version 5.0.2
Redhat Jboss Enterprise Soa Platform	Version 5.1.0
Redhat Jboss Enterprise Soa Platform	Version 5.1.1
Redhat Jboss Enterprise Soa Platform	Version 5.2.0
Redhat Jboss Enterprise Soa Platform	Version 5.3.0
Redhat Jboss Enterprise Soa Platform	Version 5.3.1
Redhat Jboss Enterprise Web Platform	Version 5.1.0
Redhat Jboss Enterprise Web Platform	Version 5.1.1
Redhat Jboss Enterprise Web Platform	Version 5.1.2
Redhat Jboss Enterprise Web Platform	Version 5.2.0
Redhat Jboss Operations Network	Version 1.0.0
Redhat Jboss Operations Network	Version 2.0.0
Redhat Jboss Operations Network	Version 2.0.1
Redhat Jboss Operations Network	Version 2.1.0
Redhat Jboss Operations Network	Version 2.2
Redhat Jboss Operations Network	Version 2.3.1
Redhat Jboss Operations Network	Version 2.3
Redhat Jboss Operations Network	Version 2.4.1
Redhat Jboss Operations Network	Version 2.4.2
Redhat Jboss Operations Network	Version 2.4
Redhat Jboss Operations Network	Version 3.0.1
Redhat Jboss Operations Network	Version 3.0
Redhat Jboss Operations Network	Version 3.1.1
Redhat Jboss Operations Network	Version 3.1.2
Redhat Jboss Operations Network	Version 3.1
Redhat Jboss Web Framework Kit	Up to 2.2.0
Redhat Jboss Web Framework Kit	Version 1.0.0
Redhat Jboss Web Framework Kit	Version 1.1.0
Redhat Jboss Web Framework Kit	Version 1.2.0
Redhat Jboss Web Framework Kit	Version 2.0.0
Redhat Jboss Web Framework Kit	Version 2.1.0
Redhat Richfaces	Version 3.1.0
Redhat Richfaces	Version 3.1.1
Redhat Richfaces	Version 3.1.2
Redhat Richfaces	Version 3.1.3
Redhat Richfaces	Version 3.1.4
Redhat Richfaces	Version 3.1.5
Redhat Richfaces	Version 3.1.6
Redhat Richfaces	Version 3.2.0
Redhat Richfaces	Version 3.2.0 sr1
Redhat Richfaces	Version 3.2.1
Redhat Richfaces	Version 3.2.2
Redhat Richfaces	Version 3.3.0
Redhat Richfaces	Version 3.3.1
Redhat Richfaces	Version 3.3.2
Redhat Richfaces	Version 3.3.2 sr1
Redhat Richfaces	Version 3.3.3
Redhat Richfaces	Version 4.0.0
Redhat Richfaces	Version 4.1.0
Redhat Richfaces	Version 4.2.0
Redhat Richfaces	Version 4.2.1
Redhat Richfaces	Version 4.2.2
Redhat Richfaces	Version 4.2.3
Redhat Richfaces	Version 4.3.0
Redhat Richfaces	Version 4.3.1
Redhat Richfaces	Version 4.5.0 alpha1
Redhat Richfaces	Version 5.0.0 alpha1