Vulnerability Description
JBoss RichFaces before 4.5.4 allows remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via the do parameter.
CVSS Score
6.8
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Richfaces | >= 4.0.0, <= 4.5.4 |
Related Weaknesses (CWE)
References
- http://jvn.jp/en/jp/JVN56297719/index.htmlThird Party AdvisoryVDB Entry
- http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-001959.htmlThird Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/153734/Tufin-Secure-Change-Remote-Code-Exec
- http://packetstormsecurity.com/files/156663/Richsploit-RichFaces-Exploitation-To
- http://rhn.redhat.com/errata/RHSA-2015-0719.htmlBroken LinkVendor Advisory
- http://seclists.org/fulldisclosure/2019/Jul/21
- http://seclists.org/fulldisclosure/2020/Mar/21
- https://bugzilla.redhat.com/show_bug.cgi?id=1192140Issue TrackingVendor Advisory
- http://jvn.jp/en/jp/JVN56297719/index.htmlThird Party AdvisoryVDB Entry
- http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-001959.htmlThird Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/153734/Tufin-Secure-Change-Remote-Code-Exec
- http://packetstormsecurity.com/files/156663/Richsploit-RichFaces-Exploitation-To
- http://rhn.redhat.com/errata/RHSA-2015-0719.htmlBroken LinkVendor Advisory
- http://seclists.org/fulldisclosure/2019/Jul/21
- http://seclists.org/fulldisclosure/2020/Mar/21
FAQ
What is CVE-2015-0279?
CVE-2015-0279 is a vulnerability with a CVSS score of 6.8 (MEDIUM). JBoss RichFaces before 4.5.4 allows remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via the do parameter.
How severe is CVE-2015-0279?
CVE-2015-0279 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-0279?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Richfaces.