What is CVE-2013-2165?

CVE-2013-2165 is a vulnerability in Redhat Jboss_enterprise_application_platform, classified under CWE-264. Published 2013-07-23.

Is CVE-2013-2165 known to be exploited?

12 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Redhat Jboss_enterprise_application_platform

CVE-2013-2165

ResourceBuilderImpl.java in the RichFaces 3.x through 5.x implementation in Red Hat JBoss Web Framework Kit before 2.3.0, Red Hat JBoss Web Platform through 5.2.0, Red Hat JBoss Enterprise Application Platform through 4.3.0 CP10 and 5.x th…

EPSS: 0.241 (96.2th percentile) — read the EPSS interpretation.

Affected products

Redhat Jboss_enterprise_application_platform — versions 4.3.0, 5.0.0, 5.0.1
Redhat Jboss_enterprise_brms_platform — versions 5.0.0, 5.0.1, 5.0.2
Redhat Jboss_enterprise_portal_platform — versions 4.3.0, 5.0.0, 5.0.1
Redhat Jboss_enterprise_soa_platform — versions 4.2.0, 4.3.0, 5.0.0
Redhat Jboss_enterprise_web_platform — versions 5.1.0, 5.1.1, 5.1.2
Redhat Jboss_operations_network — versions 1.0.0, 2.0.0, 2.0.1
Redhat Jboss_web_framework_kit — versions 1.0.0, 1.1.0, 1.2.0
Redhat Richfaces — versions 3.1.0, 3.1.1, 3.1.2
N/a — versions n/a

Weakness classification (CWE)

CWE-264

Public proof-of-concept exploits

References

JVN#38787103 (x_refsource_JVN, Third Party Advisory, VDB Entry, third-party-advisory)
secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
secalert@redhat.com (x_refsource_CONFIRM, Issue Tracking, Vendor Advisory)
RHSA-2013:1045 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
RHSA-2013:1041 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
RHSA-2013:1043 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
RHSA-2013:1044 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
JVNDB-2013-000072 (x_refsource_JVNDB, Third Party Advisory, VDB Entry, third-party-advisory)
RHSA-2013:1042 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
secalert@redhat.com (x_refsource_MISC)

Frequently asked questions

What is CVE-2013-2165?: CVE-2013-2165 is a vulnerability in Redhat Jboss_enterprise_application_platform, classified under CWE-264. Published 2013-07-23.
Is CVE-2013-2165 known to be exploited?: 12 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.