CVE-2018-14667

Known Exploited

Description

The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of java serialized objects via org.ajax4jsf.resource.UserResource$UriData.

References

Link	Tags
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14667	vendor advisory issue tracking
https://access.redhat.com/errata/RHSA-2018:3519	vendor advisory
https://access.redhat.com/errata/RHSA-2018:3581	vendor advisory
https://access.redhat.com/errata/RHSA-2018:3518	vendor advisory
https://access.redhat.com/errata/RHSA-2018:3517	vendor advisory
http://www.securitytracker.com/id/1042037	third party advisory vdb entry
http://packetstormsecurity.com/files/156663/Richsploit-RichFaces-Exploitation-Toolkit.html	third party advisory vdb entry
http://seclists.org/fulldisclosure/2020/Mar/21	third party advisory mailing list

Frequently Asked Questions

What is the severity of CVE-2018-14667?: CVE-2018-14667 has been scored as a critical severity vulnerability.
How to fix CVE-2018-14667?: To fix CVE-2018-14667, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2018-14667 being actively exploited in the wild?: It is confirmed that CVE-2018-14667 is actively exploited. Be extra cautious if you are using vulnerable components. According to its EPSS score, there is a ~88% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2018-14667?: CVE-2018-14667 affects [UNKNOWN] RichFaces.

Description

Category

CWE-94 – Improper Control of Generation of Code ('Code Injection')

References

Frequently Asked Questions