Bug 1192140 (CVE-2015-0279)
Field | Value
---|---
Summary | CVE-2015-0279 RichFaces: Remote Command Execution via insufficient EL parameter sanitization
Product | [Other] Security Response
Reporter | Vasyl Kaigorodov <vkaigoro>
Component | vulnerability
Assignee | Red Hat Product Security <security-response-team>
Status | CLOSED ERRATA
Severity | high
Priority | high
Version | unspecified
CC | aileenc, asantos, bdawidow, cdewolf, chazlett, dandread, darran.lofthouse, epp-bugs, fnasser, gvarsami, hfnukal, huwang, jason.greene, jawilson, jbpapp-maint, jcoleman, jdg-bugs, jpallich, kconner, kkhan, ldimaggi, lgao, mdshaikh, mgoldman, mnovotny, mpetrov, mweiler, myarboro, nwallace, pavelp, pgier, pslavice, rhq-maint, rsvoboda, rwagner, security-response-team, soa-p-jira, spinder, tcunning, theute, tkirby, ttarrant, twalsh, vtunka
Target Milestone | ---
Keywords | Security
Target Release | ---
Hardware | All
OS | Linux
Fixed In Version | RichFaces 4.5.4
Doc Type | Bug Fix
Doc Text | It was found that the 'do' parameter permitted expression language (EL) injection, which could allow a remote attacker to execute Java methods on an affected server.
Last Closed | 2017-06-20 19:31:01 UTC
Bug Depends On | 1196771, 1196772, 1196773, 1205373, 1206018
Bug Blocks | 1192141, 1196328, 1203795
Description
Vasyl Kaigorodov
2015-02-12 16:52:10 UTC
Acknowledgements: Red Hat would like to thank Takeshi Terada of Mitsui Bussan Secure Directions, Inc. for reporting this issue.

Created attachment 1005892: patch commit diffs

Created wildfly tracking bugs for this issue:
Affects: fedora-all [bug 1205373]

This issue has been addressed in the following products:
Red Hat JBoss Web Framework Kit 2.7.0
Via RHSA-2015:0719 https://rhn.redhat.com/errata/RHSA-2015-0719.html

Upstream commit: https://github.com/richfaces/richfaces/commit/4c5ddae4d6ddcea591fa949762c1c79ac11cac99

Statement: This issue did not affect any version of Red Hat JBoss Enterprise Application Platform 5 as they did not include the vulnerable version of the RichFaces component. JBoss EAP 5.x includes versions 3.3.1.x of RichFaces; this vulnerability was introduced in version 4.x of RichFaces.