{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-03-24T00:00:00", "descriptions": [{"lang": "en", "value": "JBoss RichFaces before 4.5.4 allows remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via the do parameter."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-03-14T00:06:02", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1192140"}, {"name": "RHSA-2015:0719", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0719.html"}, {"name": "JVN#56297719", "tags": ["third-party-advisory", "x_refsource_JVN"], "url": "http://jvn.jp/en/jp/JVN56297719/index.html"}, {"name": "JVNDB-2015-001959", "tags": ["third-party-advisory", "x_refsource_JVNDB"], "url": "http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-001959.html"}, {"name": "20190723 Tufin SecureChange uses Richfaces 4.3.5, vulnerable to CVE-2015-0279 (unauthenticated RCE)", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2019/Jul/21"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/153734/Tufin-Secure-Change-Remote-Code-Execution.html"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/156663/Richsploit-RichFaces-Exploitation-Toolkit.html"}, {"name": "20200313 RichFaces exploitation toolkit", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2020/Mar/21"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-0279", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "JBoss RichFaces before 4.5.4 allows remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via the do parameter."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1192140", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1192140"}, {"name": "RHSA-2015:0719", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-0719.html"}, {"name": "JVN#56297719", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN56297719/index.html"}, {"name": "JVNDB-2015-001959", "refsource": "JVNDB", "url": "http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-001959.html"}, {"name": "20190723 Tufin SecureChange uses Richfaces 4.3.5, vulnerable to CVE-2015-0279 (unauthenticated RCE)", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/Jul/21"}, {"name": "http://packetstormsecurity.com/files/153734/Tufin-Secure-Change-Remote-Code-Execution.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/153734/Tufin-Secure-Change-Remote-Code-Execution.html"}, {"name": "http://packetstormsecurity.com/files/156663/Richsploit-RichFaces-Exploitation-Toolkit.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/156663/Richsploit-RichFaces-Exploitation-Toolkit.html"}, {"name": "20200313 RichFaces exploitation toolkit", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2020/Mar/21"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T04:03:10.884Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1192140"}, {"name": "RHSA-2015:0719", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0719.html"}, {"name": "JVN#56297719", "tags": ["third-party-advisory", "x_refsource_JVN", "x_transferred"], "url": "http://jvn.jp/en/jp/JVN56297719/index.html"}, {"name": "JVNDB-2015-001959", "tags": ["third-party-advisory", "x_refsource_JVNDB", "x_transferred"], "url": "http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-001959.html"}, {"name": "20190723 Tufin SecureChange uses Richfaces 4.3.5, vulnerable to CVE-2015-0279 (unauthenticated RCE)", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2019/Jul/21"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/153734/Tufin-Secure-Change-Remote-Code-Execution.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/156663/Richsploit-RichFaces-Exploitation-Toolkit.html"}, {"name": "20200313 RichFaces exploitation toolkit", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2020/Mar/21"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-0279", "datePublished": "2015-03-26T14:00:00", "dateReserved": "2014-11-18T00:00:00", "dateUpdated": "2024-08-06T04:03:10.884Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:richfaces:*:*:*:*:*:*:*:*", "matchCriteriaId": "DF2058B7-E4C6-4759-89F4-BBF0180CDA69", "versionEndIncluding": "4.5.4", "versionStartIncluding": "4.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "JBoss RichFaces before 4.5.4 allows remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via the do parameter."}, {"lang": "es", "value": "JBoss RichFaces anterior a 4.5.4 permite a atacantes remotos inyectar expresiones del lenguaje de expresiones (EL) y ejecutar c\u00f3digo Java arbitrario a trav\u00e9s del par\u00e1metro do."}], "id": "CVE-2015-0279", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-03-26T14:59:00.070", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://jvn.jp/en/jp/JVN56297719/index.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-001959.html"}, {"source": "secalert@redhat.com", "url": "http://packetstormsecurity.com/files/153734/Tufin-Secure-Change-Remote-Code-Execution.html"}, {"source": "secalert@redhat.com", "url": "http://packetstormsecurity.com/files/156663/Richsploit-RichFaces-Exploitation-Toolkit.html"}, {"source": "secalert@redhat.com", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0719.html"}, {"source": "secalert@redhat.com", "url": "http://seclists.org/fulldisclosure/2019/Jul/21"}, {"source": "secalert@redhat.com", "url": "http://seclists.org/fulldisclosure/2020/Mar/21"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1192140"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://jvn.jp/en/jp/JVN56297719/index.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-001959.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://packetstormsecurity.com/files/153734/Tufin-Secure-Change-Remote-Code-Execution.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://packetstormsecurity.com/files/156663/Richsploit-RichFaces-Exploitation-Toolkit.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0719.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2019/Jul/21"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2020/Mar/21"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1192140"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Takeshi Terada (Mitsui Bussan Secure Directions, Inc.) for reporting this issue.", "affected_release": [{"advisory": "RHSA-2015:0719", "cpe": "cpe:/a:redhat:jboss_enterprise_web_framework:2.7.0", "product_name": "Red Hat JBoss Web Framework Kit 2.7", "release_date": "2015-03-24T00:00:00Z"}], "bugzilla": {"description": "RichFaces: Remote Command Execution via insufficient EL parameter sanitization", "id": "1192140", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1192140"}, "csaw": false, "cvss": {"cvss_base_score": "6.8", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "status": "verified"}, "cwe": "CWE-95", "details": ["JBoss RichFaces before 4.5.4 allows remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via the do parameter.", "It was found that the 'do' parameter permitted expression language (EL) injection, which could allow a remote attacker to execute Java methods on an affected server."], "name": "CVE-2015-0279", "package_state": [{"cpe": "cpe:/a:redhat:jboss_data_grid:6", "fix_state": "Not affected", "package_name": "wildfly", "product_name": "Red Hat JBoss Data Grid 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:5", "fix_state": "Not affected", "package_name": "richfaces", "product_name": "Red Hat JBoss Enterprise Application Platform 5"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "fix_state": "Not affected", "package_name": "wildfly", "product_name": "Red Hat JBoss Enterprise Application Platform 6"}, {"cpe": "cpe:/a:redhat:jboss_operations_network:3", "fix_state": "Affected", "package_name": "wildfly", "product_name": "Red Hat JBoss Operations Network 3"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_portal_platform:5", "fix_state": "Affected", "package_name": "richfaces", "product_name": "Red Hat JBoss Portal 5"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_portal_platform:6", "fix_state": "Affected", "package_name": "richfaces", "product_name": "Red Hat JBoss Portal 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_soa_platform:5", "fix_state": "Affected", "package_name": "widlfly", "product_name": "Red Hat JBoss SOA Platform 5"}], "public_date": "2015-03-24T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-0279\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0279"], "statement": "This issue did not affect any version of Red Hat JBoss Enterprise Application Platform 5 as they did not include the vulnerable version of the RichFaces component. JBoss EAP 5.x includes versions 3.3.1.x of RichFaces; this vulnerability was introduced in version 4.x of RichFaces.", "threat_severity": "Important"}