[VEND-3] Correct JBoss Richfaces CVE-2013-4521 flaw - Nuxeo Issue Tracker

XML

Word

Printable

Details

Type: Bug
Status: Resolved
Priority: Critical
Resolution: Fixed
Affects Version/s: NXRF-3.3.1.GA-NX9
Fix Version/s: NXRF-3.3.1.GA-NX10
Component/s: RichFaces

Tags:
- richfaces

Description

JBoss RichFaces has a known flaw related to deserialization:

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2165

Details of the patch are here:
http://www.bleathem.ca/blog/2013/07/richfaces-CVE-2013-2165.html

and

http://lists.jboss.org/pipermail/richfaces-svn-commits/2013-June/023102.html

Attachments

Issue Links

is required by

NXP-13112 Upgrade to Richfaces 3.3.1.GA-NX9.01

Resolved

Activity

People

Assignee:

Guillaume Renard

Reporter:

Guillaume Renard

Participants:

Guillaume Renard, Jenkins

Votes:

0 Vote for this issue

Watchers:

2 Start watching this issue

Dates

Created:

2013-11-06 15:36

Updated:

2014-04-30 14:34

Resolved:

2013-11-07 14:43