Primefaces 5.x Remote Code Execution
Posted by deepcore on January 19, 2018 – 8:34 am
This Metasploit module exploits an expression language remote code execution flaw in the Primefaces JSF framework. Primefaces versions prior to 5.2.21, 5.3.8 or 6.0 are vulnerable to a padding oracle attack, due to the use of weak crypto and default encryption password and salt.
Post a reply
You must be logged in to post a comment.