CVE-2018-12533

CRITICAL

JBoss RichFaces 3.1.0-3.3.4 - RCE

Description

JBoss RichFaces 3.1.0 through 3.3.4 allows unauthenticated remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via a /DATA/ substring in a path with an org.richfaces.renderkit.html.Paint2DResource$ImageData object, aka RF-14310.

Exploits (5)

nomisec WORKING POC 9 stars
by llamaonsecurity · poc
https://github.com/llamaonsecurity/CVE-2018-12533
nomisec WORKING POC 1 star
by LucasKatashi · poc
https://github.com/LucasKatashi/paint2die
nomisec WORKING POC 1 star
by Pastea · poc
https://github.com/Pastea/CVE-2018-12533
nomisec WORKING POC
by mhagnumdw · poc
https://github.com/mhagnumdw/richfaces-vulnerability-cve-2018-12533-rf-14310
inthewild WORKING POC
poc
https://github.com/thekalin/cve-2018-12533

Scores

CVSS v3 9.8
EPSS 0.7969
EPSS Percentile 99.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-917
Status published
Products (2)
org.richfaces/richfaces-core 3.1.0 (Maven)
redhat/richfaces 3.1.0 - 3.3.4
Published Jun 18, 2018
Tracked Since Feb 18, 2026