CVE-2018-12533
PUBLISHED
CVSS 7.5 HIGH
JBoss RichFaces 3.1.0 through 3.3.4 allows unauthenticated remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via a /DATA/ substring in a path with an org.richfaces.renderkit.html.Paint2DResource$ImageData object, aka RF-14310.
EPSS 79.69% · 99.1th percentile
Risk Scores
- CVSS 2.0: 7.5
- EPSS Score: 79.69% (99.1th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Maven | org.richfaces:richfaces-core | 3.1.0 |
| redhat | richfaces | 3.1.0 |
Exploit Intelligence
- Pastea/CVE-2018-12533 (github-poc-repo)
- RF-14310 / CVE-2018-12533 - Payload generator (github-poc-repo)
…and 46 more exploits
Timeline
- Jun 18, 2018 CVE Published
- Apr 14, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 28, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- May 13, 2023 EPSS Score
- Jun 12, 2023 EPSS Score
- Aug 23, 2023 EPSS Score
- Nov 9, 2023 EPSS Score
References
- RHSA-2018:2664 vendor-advisory
- 1041617 vdb
- https://codewhitesec.blogspot.com/2018/05/poor-richfaces.html url
- RHSA-2018:2663 vendor-advisory
- 104502 vdb
- RHSA-2018:2930 vendor-advisory
- 20200313 RichFaces exploitation toolkit mailing-list
- https://nvd.nist.gov/vuln/detail/CVE-2018-12533 advisory