Vulnerability category: RedHat
Vulnerability severity:
Vulnerability information
RichFaces is an open source framework that adds Ajax capability into existing JavaServer Faces (JSF) applications.
A flaw was found in the way RichFaces ResourceBuilderImpl handled deserialization. A remote attacker could use this flaw to trigger the execution of the deserialization methods in any serializable class deployed on the server. This could lead to a variety of security impacts depending on the deserialization logic of these classes. (CVE-2013-2165)
Affected Products
JBoss Enterprise Application Platform from RHUI 5 x86_64
JBoss Enterprise Application Platform from RHUI 5 i386
JBoss Enterprise Application Platform 5 for RHEL 6 x86_64
JBoss Enterprise Application Platform 5 for RHEL 6 i386
JBoss Enterprise Application Platform 5 for RHEL 5 x86_64
JBoss Enterprise Application Platform 5 for RHEL 5 i386
Impact
A remote attacker could use this flaw to trigger the execution of the deserialization methods in any serializable class deployed on the server. This could lead to a variety of security impacts depending on the deserialization logic of these classes.
Solution
Upgrade to the latest packages, which contain a patch. Refer to "Applying Package Updates to RHEL system" for details.
Refer to Red Hat security advisory RHSA-2013:1042 to address this issue and obtain more information.
Refer to Red Hat security advisory RHSA-2013:1043 to address this issue and obtain more information.
Patch:
Following are links for downloading patches to fix the vulnerabilities: