Red.Hat.JBoss.RichFaces.EL.Code.Injection

description-logoDescription

This indicates an attack attempt to exploit a Code Injection vulnerability in JBoss RichFaces.
The vulnerability is due to insufficient sanitizing of user supplied URI inputs into the application. A remote attacker can exploit this to send a crafted query to execute arbitrary commands on a vulnerable server.

affected-products-logoAffected Products

JBoss RichFaces 3.x <= 3.3.4

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor:
https://access.redhat.com/errata/RHSA-2018:2663

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2019-11-26 15.731 Name:RedHat.
JBoss.
RichFaces.
EL.
Code.
Injection:Red.
Hat.
JBoss.
RichFaces.
EL.
Code.
Injection
2019-04-03 14.585 Sig Added
2019-03-20 14.577 Default_action:pass:drop
2019-02-21 14.558