Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2011-1484
HistoryJul 27, 2011 - 2:42 a.m.

CVE-2011-1484

2011-07-2702:42:27
CWE-264
[email protected]
web.nvd.nist.gov
35
cve-2011-1484
jboss seam
jboss enterprise soa platform
jboss eap
expression language
remote code execution
security vulnerability

7.3 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.013 Low

EPSS

Percentile

86.1%

JSON

jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, as distributed in Red Hat JBoss Enterprise SOA Platform 4.3.0.CP04 and 5.1.0 and JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3.0.CP09 and 5.1.0, does not properly restrict use of Expression Language (EL) statements in FacesMessages during page exception handling, which allows remote attackers to execute arbitrary Java code via a crafted URL to an application.

Affected configurations

NVD
Node
redhatjboss_enterprise_application_platformMatch4.3.0cp09
OR
redhatjboss_enterprise_application_platformMatch5.1.0
OR
redhatjboss_enterprise_soa_platformMatch4.3.0cp04
OR
redhatjboss_enterprise_soa_platformMatch5.1.0
OR
redhatjboss_seam_2_frameworkRange2.2.2
OR
redhatjboss_seam_2_frameworkMatch2.0.0beta1
OR
redhatjboss_seam_2_frameworkMatch2.0.0cr1
OR
redhatjboss_seam_2_frameworkMatch2.0.0cr2
OR
redhatjboss_seam_2_frameworkMatch2.0.0cr3
OR
redhatjboss_seam_2_frameworkMatch2.0.0ga
OR
redhatjboss_seam_2_frameworkMatch2.0.1cr1
OR
redhatjboss_seam_2_frameworkMatch2.0.1cr2
OR
redhatjboss_seam_2_frameworkMatch2.0.1ga
OR
redhatjboss_seam_2_frameworkMatch2.0.2cr1
OR
redhatjboss_seam_2_frameworkMatch2.0.2cr2
OR
redhatjboss_seam_2_frameworkMatch2.0.2ga
OR
redhatjboss_seam_2_frameworkMatch2.0.2sp1
OR
redhatjboss_seam_2_frameworkMatch2.0.3cr1
OR
redhatjboss_seam_2_frameworkMatch2.1.0alpha1
OR
redhatjboss_seam_2_frameworkMatch2.1.0beta1
OR
redhatjboss_seam_2_frameworkMatch2.1.0cr1
OR
redhatjboss_seam_2_frameworkMatch2.1.0ga
OR
redhatjboss_seam_2_frameworkMatch2.1.0sp1
OR
redhatjboss_seam_2_frameworkMatch2.1.1cr1
OR
redhatjboss_seam_2_frameworkMatch2.1.1cr2
OR
redhatjboss_seam_2_frameworkMatch2.1.1ga
OR
redhatjboss_seam_2_frameworkMatch2.1.2
OR
redhatjboss_seam_2_frameworkMatch2.1.2cr1
OR
redhatjboss_seam_2_frameworkMatch2.1.2cr2
OR
redhatjboss_seam_2_frameworkMatch2.2.0cr1
OR
redhatjboss_seam_2_frameworkMatch2.2.0ga
OR
redhatjboss_seam_2_frameworkMatch2.2.1
OR
redhatjboss_seam_2_frameworkMatch2.2.1cr1
OR
redhatjboss_seam_2_frameworkMatch2.2.1cr2
OR
redhatjboss_seam_2_frameworkMatch2.2.1cr3

Related

prion 2
nvd 2
cvelist 2
redhat 10
nessus 6
veracode 1
cve 1
prion
prion
Input validation
2011-07-27 02:42:00
Input validation
2011-07-27 02:55:00
nvd
nvd
CVE-2011-1484
2011-07-27 02:42:27
CVE-2011-2196
2011-07-27 02:55:01
cvelist
cvelist
CVE-2011-1484
2011-07-27 01:00:00
CVE-2011-2196
2011-07-27 01:29:00
redhat
redhat
(RHSA-2011:0462) Important: jboss-seam security update
2011-04-20 15:46:47
(RHSA-2011:1251) Important: JBoss Enterprise Portal Platform 5.1.1 update
2011-09-04 00:00:00
(RHSA-2011:0461) Important: jboss-seam2 security update
2011-04-20 00:00:00
nessus
nessus
RHEL 4 / 5 : jboss-seam2 (RHSA-2011:0460)
2013-01-24 00:00:00
RHEL 4 / 5 : jboss-seam2 (RHSA-2011:0461)
2013-01-24 00:00:00
RHEL 6 : JBoss EAP (RHSA-2011:0946)
2013-01-24 00:00:00
veracode
veracode
Remote Code Execution (RCE)
2020-04-10 00:59:25
cve
cve
CVE-2011-2196
2011-07-27 02:55:01

7.3 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.013 Low

EPSS

Percentile

86.1%

JSON
Related for CVE-2011-1484
prion2nvd2cvelist2redhat10nessus6veracode1cve1