Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of java serialized objects via org.ajax4jsf.resource.UserResource$UriData.
- http://packetstormsecurity.com/files/156663/Richsploit-RichFaces-Exploitation-Toolkit.html
- https://github.com/0xT11/CVE-POC
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Cryin/Paper
- https://github.com/MilovdZee/richfaces-jakarta
- https://github.com/MilovdZee/richfaces-jakarta-old
- https://github.com/Ostorlab/KEV
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
- https://github.com/PalindromeLabs/Java-Deserialization-CVEs
- https://github.com/TheKalin/CVE-2018-12533
- https://github.com/Venscor/CVE-2018-14667-poc
- https://github.com/adnovum/richfaces-impl-patched
- https://github.com/llamaonsecurity/CVE-2018-12533
- https://github.com/lnick2023/nicenice
- https://github.com/nareshmail/cve-2018-14667
- https://github.com/pyperanger/boringtools
- https://github.com/qazbnm456/awesome-cve-poc
- https://github.com/quandqn/cve-2018-14667
- https://github.com/r00t4dm/CVE-2018-14667
- https://github.com/rxxmses/CVE_parser
- https://github.com/syriusbughunt/CVE-2018-14667
- https://github.com/xbl3/awesome-cve-poc_qazbnm456
- https://github.com/zeroto01/CVE-2018-14667