CVE-2018-14667

Published: Nov 6, 2018Modified: Nov 3, 2025CISA KEV

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of java serialized objects via org.ajax4jsf.resource.UserResource$UriData.

Affected (3)

Products: Redhat: Richfaces, Enterprise Linux

2 products

Enterprise Linux

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Redhat Richfaces	From 3.1.0 to 3.3.4

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux	Version 5.0
Redhat Enterprise Linux	Version 6.0

Related CWEs

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (17)

http://packetstormsecurity.com/files/156663/Richsploit-RichFaces-Exploitation-Toolkit.html

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2020/Mar/21

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://www.securitytracker.com/id/1042037

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2018:3517

Source: secalert@redhat.com

Vendor Advisory

https://access.redhat.com/errata/RHSA-2018:3518

Source: secalert@redhat.com

Vendor Advisory

https://access.redhat.com/errata/RHSA-2018:3519

Source: secalert@redhat.com

Vendor Advisory

https://access.redhat.com/errata/RHSA-2018:3581

Source: secalert@redhat.com

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14667

Source: secalert@redhat.com

Issue TrackingVendor Advisory

http://packetstormsecurity.com/files/156663/Richsploit-RichFaces-Exploitation-Toolkit.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2020/Mar/21

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.securitytracker.com/id/1042037

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2018:3517

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://access.redhat.com/errata/RHSA-2018:3518

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://access.redhat.com/errata/RHSA-2018:3519

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://access.redhat.com/errata/RHSA-2018:3581

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14667

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-14667

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

US Government Resource

Timeline

No history available yet.