CVE-2015-0279

Related Files

Richsploit RichFaces Exploitation Toolkit

Posted Mar 9, 2020

Authored by redtimmysec

This tool can be used to exploit vulnerable versions of RichFaces. It has payloads for 4 vulnerabilities that have been identified, which can lead to remote code execution via java deserialization and EL injection.

tags | exploit, tool, java, remote, vulnerability, code execution

advisories | CVE-2013-2165, CVE-2015-0279, CVE-2018-14667

SHA-256 | 648af6bc429ca530648d01005b86d127e64fe5a21538da847835939211cb2f63

Download | Favorite | View

Tufin Secure Change Remote Code Execution

Posted Jul 24, 2019

Authored by Stephane Grundschober

Tufin SecureChange uses Richfaces version 4.3.5 which suffers from a remote code execution vulnerability.

tags | advisory, remote, code execution

advisories | CVE-2015-0279

SHA-256 | 5f337d6d91cf5f5d0bc240b766525f3cc6b32105aaf6cf34e4c4de7124a9991c

Download | Favorite | View

Red Hat Security Advisory 2015-0719-01

Posted Mar 25, 2015

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0719-01 - Red Hat JBoss Web Framework Kit combines popular open source web frameworks into a single solution for Java applications. RichFaces is an open source framework that adds Ajax capability into existing JavaServer Faces applications. It was found that the 'do' parameter permitted expression language injection, which could allow a remote attacker to execute Java methods on an affected server.

tags | advisory, java, remote, web

systems | linux, redhat

advisories | CVE-2015-0279

SHA-256 | 3bc10be638561a84a22f7d12bb3bbe4617b2600873ca067c9751772eb657ddd8

Download | Favorite | View