CVE-2013-2165

RichFaces 3.x-5.x - Remote Code Execution via Unrestricted Deserialization

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-2165. PoCs published by Pastea.

AI-analyzed exploit summary This PoC demonstrates a deserialization vulnerability in JBoss RichFaces (CVE-2013-2165) by encoding a malicious payload into a base64-encoded, compressed format. The output is crafted to mimic a legitimate resource path for exploitation.

Description

ResourceBuilderImpl.java in the RichFaces 3.x through 5.x implementation in Red Hat JBoss Web Framework Kit before 2.3.0, Red Hat JBoss Web Platform through 5.2.0, Red Hat JBoss Enterprise Application Platform through 4.3.0 CP10 and 5.x through 5.2.0, Red Hat JBoss BRMS through 5.3.1, Red Hat JBoss SOA Platform through 4.3.0 CP05 and 5.x through 5.3.1, Red Hat JBoss Portal through 4.3 CP07 and 5.x through 5.2.2, and Red Hat JBoss Operations Network through 2.4.2 and 3.x through 3.1.2 does not restrict the classes for which deserialization methods can be called, which allows remote attackers to execute arbitrary code via crafted serialized data.

Exploits (1)

nomisec WORKING POC
by Pastea · poc
https://github.com/Pastea/CVE-2013-2165

This PoC demonstrates a deserialization vulnerability in JBoss RichFaces (CVE-2013-2165) by encoding a malicious payload into a base64-encoded, compressed format. The output is crafted to mimic a legitimate resource path for exploitation.

Classification
Working Poc 90%
Attack Type
Deserialization
Complexity
Moderate
Reliability
Reliable
Target: JBoss RichFaces (versions affected by CVE-2013-2165)
No auth needed
Prerequisites: Malicious serialized payload file · Access to the target application
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (11)

Core 11
Core References
Third Party Advisory, VDB Entry third-party-advisory x_refsource_jvn
http://jvn.jp/en/jp/JVN38787103/index.html
Vendor Advisory x_refsource_confirm
https://access.redhat.com/security/cve/CVE-2013-2165
Issue Tracking, Vendor Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=973570
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1045.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1041.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1043.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1044.html
Third Party Advisory, VDB Entry third-party-advisory x_refsource_jvndb
http://jvndb.jvn.jp/jvndb/JVNDB-2013-000072
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1042.html
Mailing List mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2020/Mar/21

Scores

EPSS 0.2407
EPSS Percentile 96.2%

Details

CWE
CWE-264
Status published
Products (34)
org.richfaces/richfaces 3.1.0 - 3.3.3Maven
redhat/jboss_enterprise_application_platform 4.3.0 (2 CPE variants)
redhat/jboss_enterprise_application_platform 5.0.0
redhat/jboss_enterprise_application_platform 5.0.1
redhat/jboss_enterprise_application_platform 5.1.0
redhat/jboss_enterprise_application_platform 5.1.1
redhat/jboss_enterprise_application_platform 5.1.2
redhat/jboss_enterprise_application_platform 5.2.0
redhat/jboss_enterprise_brms_platform 5.0.0
redhat/jboss_enterprise_brms_platform 5.0.1
... and 24 more
Published Jul 23, 2013
Tracked Since Feb 18, 2026