High severityNVD Advisory· Published Jul 23, 2013· Updated Apr 29, 2026

CVE-2013-2165

Description

ResourceBuilderImpl.java in the RichFaces 3.x through 5.x implementation in Red Hat JBoss Web Framework Kit before 2.3.0, Red Hat JBoss Web Platform through 5.2.0, Red Hat JBoss Enterprise Application Platform through 4.3.0 CP10 and 5.x through 5.2.0, Red Hat JBoss BRMS through 5.3.1, Red Hat JBoss SOA Platform through 4.3.0 CP05 and 5.x through 5.3.1, Red Hat JBoss Portal through 4.3 CP07 and 5.x through 5.2.2, and Red Hat JBoss Operations Network through 2.4.2 and 3.x through 3.1.2 does not restrict the classes for which deserialization methods can be called, which allows remote attackers to execute arbitrary code via crafted serialized data.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
org.richfaces:richfacesMaven	>= 3.1.0, < 3.3.3	3.3.3
org.richfaces:richfacesMaven	>= 4.0.0, < 4.3.2	4.3.2

Affected products

Red Hat/Jboss Enterprise Application Platform8 versions
cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:*:*:*:*:*:*:*+ 7 more
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp10:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.2.0:*:*:*:*:*:*:*
Red Hat/Jboss Enterprise Brms Platform7 versions
cpe:2.3:a:redhat:jboss_enterprise_brms_platform:5.0.0:*:*:*:*:*:*:*+ 6 more
- cpe:2.3:a:redhat:jboss_enterprise_brms_platform:5.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_brms_platform:5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_brms_platform:5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_brms_platform:5.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_brms_platform:5.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_brms_platform:5.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_brms_platform:5.3.1:*:*:*:*:*:*:*
Red Hat/Jboss Enterprise Portal Platform12 versions
cpe:2.3:a:redhat:jboss_enterprise_portal_platform:4.3.0:cp03:*:*:*:*:*:*+ 11 more
- cpe:2.3:a:redhat:jboss_enterprise_portal_platform:4.3.0:cp03:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_portal_platform:4.3.0:cp04:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_portal_platform:4.3.0:cp05:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_portal_platform:4.3.0:cp06:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_portal_platform:4.3.0:cp07:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.2.2:*:*:*:*:*:*:*
Red Hat/Jboss Enterprise Soa Platform21 versions
cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.2.0:*:*:*:*:*:*:*+ 20 more
- cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.2.0:cp01:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.2.0:cp02:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.2.0:cp03:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.2.0:cp04:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.2.0:cp05:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.2.0:tp02:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.3.0:cp01:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.3.0:cp02:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.3.0:cp03:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.3.0:cp04:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.3.0:cp05:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_soa_platform:5.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_soa_platform:5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_soa_platform:5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_soa_platform:5.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_soa_platform:5.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_soa_platform:5.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_soa_platform:5.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_soa_platform:5.3.1:*:*:*:*:*:*:*
Red Hat/Jboss Enterprise Web Platform4 versions
cpe:2.3:a:redhat:jboss_enterprise_web_platform:5.1.0:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:redhat:jboss_enterprise_web_platform:5.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_web_platform:5.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_web_platform:5.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_web_platform:5.2.0:*:*:*:*:*:*:*
Red Hat/Jboss Operations Network15 versions
cpe:2.3:a:redhat:jboss_operations_network:1.0.0:*:*:*:*:*:*:*+ 14 more
- cpe:2.3:a:redhat:jboss_operations_network:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_operations_network:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_operations_network:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_operations_network:2.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_operations_network:2.2:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_operations_network:2.3:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_operations_network:2.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_operations_network:2.4:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_operations_network:2.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_operations_network:2.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_operations_network:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_operations_network:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_operations_network:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_operations_network:3.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_operations_network:3.1.2:*:*:*:*:*:*:*
Red Hat/Jboss Web Framework Kit6 versions
cpe:2.3:a:redhat:jboss_web_framework_kit:*:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:redhat:jboss_web_framework_kit:*:*:*:*:*:*:*:*range: <=2.2.0
- cpe:2.3:a:redhat:jboss_web_framework_kit:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_web_framework_kit:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_web_framework_kit:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_web_framework_kit:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_web_framework_kit:2.1.0:*:*:*:*:*:*:*
Red Hat/Richfaces26 versions
cpe:2.3:a:redhat:richfaces:3.1.0:*:*:*:*:*:*:*+ 25 more
- cpe:2.3:a:redhat:richfaces:3.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:richfaces:3.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:richfaces:3.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:richfaces:3.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:richfaces:3.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:richfaces:3.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:richfaces:3.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:richfaces:3.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:richfaces:3.2.0:sr1:*:*:*:*:*:*
- cpe:2.3:a:redhat:richfaces:3.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:richfaces:3.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:richfaces:3.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:richfaces:3.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:richfaces:3.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:richfaces:3.3.2:sr1:*:*:*:*:*:*
- cpe:2.3:a:redhat:richfaces:3.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:richfaces:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:richfaces:4.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:richfaces:4.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:richfaces:4.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:richfaces:4.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:richfaces:4.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:richfaces:4.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:richfaces:4.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:richfaces:4.5.0:alpha1:*:*:*:*:*:*
- cpe:2.3:a:redhat:richfaces:5.0.0:alpha1:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

jvn.jp/en/jp/JVN38787103/index.htmlnvdThird Party AdvisoryVDB EntryWEB
jvndb.jvn.jp/jvndb/JVNDB-2013-000072nvdThird Party AdvisoryVDB EntryWEB
rhn.redhat.com/errata/RHSA-2013-1041.htmlnvdVendor Advisory
rhn.redhat.com/errata/RHSA-2013-1042.htmlnvdVendor Advisory
rhn.redhat.com/errata/RHSA-2013-1043.htmlnvdVendor Advisory
rhn.redhat.com/errata/RHSA-2013-1044.htmlnvdVendor Advisory
rhn.redhat.com/errata/RHSA-2013-1045.htmlnvdVendor Advisory
access.redhat.com/security/cve/CVE-2013-2165nvdVendor AdvisoryWEB
bugzilla.redhat.com/show_bug.cginvdIssue TrackingVendor AdvisoryWEB
github.com/advisories/GHSA-4344-frcp-j22qghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2013-2165ghsaADVISORY
packetstormsecurity.com/files/156663/Richsploit-RichFaces-Exploitation-Toolkit.htmlnvdWEB
seclists.org/fulldisclosure/2020/Mar/21nvdWEB

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.019
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000