mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-28 17:22:02 +00:00
1.8 KiB
1.8 KiB
CVE-2018-14667
Description
The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of java serialized objects via org.ajax4jsf.resource.UserResource$UriData.
POC
Reference
- http://packetstormsecurity.com/files/156663/Richsploit-RichFaces-Exploitation-Toolkit.html
- http://packetstormsecurity.com/files/156663/Richsploit-RichFaces-Exploitation-Toolkit.html
Github
- https://github.com/0xT11/CVE-POC
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Cryin/Paper
- https://github.com/Ostorlab/KEV
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
- https://github.com/PalindromeLabs/Java-Deserialization-CVEs
- https://github.com/TheKalin/CVE-2018-12533
- https://github.com/Venscor/CVE-2018-14667-poc
- https://github.com/adnovum/richfaces-impl-patched
- https://github.com/llamaonsecurity/CVE-2018-12533
- https://github.com/lnick2023/nicenice
- https://github.com/nareshmail/cve-2018-14667
- https://github.com/pyperanger/boringtools
- https://github.com/qazbnm456/awesome-cve-poc
- https://github.com/quandqn/cve-2018-14667
- https://github.com/r00t4dm/CVE-2018-14667
- https://github.com/rxxmses/CVE_parser
- https://github.com/syriusbughunt/CVE-2018-14667
- https://github.com/xbl3/awesome-cve-poc_qazbnm456
- https://github.com/zeroto01/CVE-2018-14667