CVE-2013-4521
N/A
N/A
Summary
RichFaces implementation in Nuxeo Platform 5.6.0 before HF27 and 5.8.0 before HF-01 does not restrict the classes for which deserialization methods can be called, which allows remote attackers to execute arbitrary code via crafted serialized data. NOTE: this vulnerability may overlap CVE-2013-2165.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Nuxeo | Nuxeo Platform | 5.6.0 before HF27 | affected |
| Nuxeo | Nuxeo Platform | 5.8.0 before HF-01 | affected |
Weaknesses
- Other
ADP Enrichment
CVE Program Container
Additional References
- https://bugzilla.redhat.com/show_bug.cgi?id=1027052
- http://doc.nuxeo.com/display/public/ADMINDOC58/Nuxeo+Security+Hotfixes
- https://github.com/nuxeo/richfaces/commit/6cbad2a6dcb70d3e33a6ce5879b1a3ad79eb1aec
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1027052
- http://doc.nuxeo.com/display/public/ADMINDOC58/Nuxeo+Security+Hotfixes
- https://github.com/nuxeo/richfaces/commit/6cbad2a6dcb70d3e33a6ce5879b1a3ad79eb1aec
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.