Arbitrary Code Execution Vulnerability in JBoss RichFaces before 4.5.4

CVE-2015-0279 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

JBoss RichFaces before 4.5.4 allows remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via the do parameter.

Learn more about our Web Application Penetration Testing UK.