CVE-2015-0279

JBoss RichFaces 4.0.0-4.5.3 - Remote Code Execution via EL Expression Injection

Description

JBoss RichFaces before 4.5.4 allows remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via the do parameter.

References (8)

Core References
Issue Tracking, Vendor Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1192140
Broken Link, Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-0719.html
Third Party Advisory, VDB Entry third-party-advisory x_refsource_jvn
http://jvn.jp/en/jp/JVN56297719/index.html
Third Party Advisory, VDB Entry third-party-advisory x_refsource_jvndb
http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-001959.html
Mailing List mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2019/Jul/21
Mailing List mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2020/Mar/21

Scores

EPSS 0.0396
EPSS Percentile 89.1%

Details

CWE
CWE-94
Status published
Products (1)
redhat/richfaces 4.0.0 - 4.5.4
Published Mar 26, 2015
Tracked Since Feb 18, 2026