Back to bug 1027052
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| David Jorm | 2013-11-06 02:04:32 UTC | CC | security-response-team | |
| Red Hat Bugzilla | 2013-11-06 02:04:32 UTC | Doc Type | --- | Bug Fix |
| David Jorm | 2013-11-14 00:42:47 UTC | Status | NEW | CLOSED |
| Group | security, qe_staff | |||
| Resolution | --- | NOTABUG | ||
| Summary | EMBARGOED CVE-2013-4521 Nuxeo RichFaces: Remote code execution due to insecure deserialization | CVE-2013-4521 Nuxeo RichFaces: Remote code execution due to insecure deserialization | ||
| Whiteboard | impact=critical,public=no,reported=20131106,source=redhat,cvss2=7.5/AV:N/AC:L/Au:N/C:P/I:P/A:P,cwe=CWE-502,jboss/unknown=notaffected | impact=critical,public=20131114,reported=20131106,source=redhat,cvss2=7.5/AV:N/AC:L/Au:N/C:P/I:P/A:P,cwe=CWE-502,jboss/unknown=notaffected | ||
| Last Closed | 2013-11-13 19:42:47 UTC | |||
| John Skeoch | 2014-10-21 00:05:42 UTC | CC | mjc | |
| Product Security DevOps Team | 2019-09-29 13:09:54 UTC | Whiteboard | impact=critical,public=20131114,reported=20131106,source=redhat,cvss2=7.5/AV:N/AC:L/Au:N/C:P/I:P/A:P,cwe=CWE-502,jboss/unknown=notaffected | |
| Chess Hazlett | 2020-01-21 21:32:10 UTC | Doc Text | It was found that Nuxeo RichFaces improperly deserialized data. An attacker could use this flaw to attain execution on deserialization methods on serializable classes deployed on the server. | |
| RaTasha Tillery-Smith | 2020-01-23 13:22:34 UTC | Doc Text | It was found that Nuxeo RichFaces improperly deserialized data. An attacker could use this flaw to attain execution on deserialization methods on serializable classes deployed on the server. | A flaw was found in Nuxeo RichFaces where it improperly deserialized data. An attacker could use this flaw to obtain execution on deserialization methods on serializable classes deployed on the server. This can possibly lead to unauthenticated remote code execution. |
Back to bug 1027052