CVE-2018-14667
CVE-2018-14667
In short
RichFaces Framework versions 3.x through 3.3.4 contain a vulnerability that allows an unauthenticated attacker to inject malicious code through the UserResource feature, potentially taking complete control of the affected system.
Technical detail
The vulnerability is an Expression Language (EL) injection flaw in org.ajax4jsf.resource.UserResource$UriData that accepts untrusted user input without proper validation. An unauthenticated remote attacker can exploit this via a crafted request containing a serialized Java object chain to execute arbitrary code on the server.
Summary generated and translated by AI from the official description.
The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of java serialized objects via org.ajax4jsf.resource.UserResource$UriData.
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
[UNKNOWN] · RichFacespublic PoCs found — 7
githubgithub.com/syriusbughunt/CVE-2018-14667★ 50githubgithub.com/Venscor/CVE-2018-14667-poc★ 8githubgithub.com/zeroto01/CVE-2018-14667★ 2githubgithub.com/r00t4dm/CVE-2018-14667★ 1githubgithub.com/quandqn/cve-2018-14667★ 1githubgithub.com/nareshmail/cve-2018-14667★ 0cve_referencepacketstormsecurity.com/files/156663/Richsploit-RichFaces-Exploitation-Toolkit.htmlunverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://packetstormsecurity.com/files/156663/Richsploit-RichFaces-Exploitation-Toolkit.htmlhttps://access.redhat.com/errata/RHSA-2018:3517https://access.redhat.com/errata/RHSA-2018:3518https://access.redhat.com/errata/RHSA-2018:3519https://access.redhat.com/errata/RHSA-2018:3581https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14667http://seclists.org/fulldisclosure/2020/Mar/21https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-14667http://www.securitytracker.com/id/1042037