Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2011-2196
HistoryJul 27, 2011 - 2:55 a.m.

CVE-2011-2196

2011-07-2702:55:01
CWE-264
[email protected]
web.nvd.nist.gov
32
cve
jboss
seam
java
code execution
security vulnerability

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

Low

0.013 Low

EPSS

Percentile

86.2%

JSON

jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, as distributed in Red Hat JBoss Enterprise SOA Platform 4.3.0.CP05 and 5.1.0; JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3.0, 4.3.0.CP09, and 5.1.1; and JBoss Enterprise Web Platform 5.1.1, does not properly restrict use of Expression Language (EL) statements in FacesMessages during page exception handling, which allows remote attackers to execute arbitrary Java code via a crafted URL to an application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1484.

Affected configurations

NVD
Node
redhatjboss_enterprise_application_platformMatch4.3.0
OR
redhatjboss_enterprise_application_platformMatch4.3.0cp09
OR
redhatjboss_enterprise_application_platformMatch5.1.1
OR
redhatjboss_enterprise_soa_platformMatch4.3.0cp05
OR
redhatjboss_enterprise_soa_platformMatch5.1.0
OR
redhatjboss_enterprise_web_platformMatch5.1.1
OR
redhatjboss_seam_2_frameworkRange2.2.2
OR
redhatjboss_seam_2_frameworkMatch2.0.0beta1
OR
redhatjboss_seam_2_frameworkMatch2.0.0cr1
OR
redhatjboss_seam_2_frameworkMatch2.0.0cr2
OR
redhatjboss_seam_2_frameworkMatch2.0.0cr3
OR
redhatjboss_seam_2_frameworkMatch2.0.0ga
OR
redhatjboss_seam_2_frameworkMatch2.0.1cr1
OR
redhatjboss_seam_2_frameworkMatch2.0.1cr2
OR
redhatjboss_seam_2_frameworkMatch2.0.1ga
OR
redhatjboss_seam_2_frameworkMatch2.0.2cr1
OR
redhatjboss_seam_2_frameworkMatch2.0.2cr2
OR
redhatjboss_seam_2_frameworkMatch2.0.2ga
OR
redhatjboss_seam_2_frameworkMatch2.0.2sp1
OR
redhatjboss_seam_2_frameworkMatch2.0.3cr1
OR
redhatjboss_seam_2_frameworkMatch2.1.0alpha1
OR
redhatjboss_seam_2_frameworkMatch2.1.0beta1
OR
redhatjboss_seam_2_frameworkMatch2.1.0cr1
OR
redhatjboss_seam_2_frameworkMatch2.1.0ga
OR
redhatjboss_seam_2_frameworkMatch2.1.0sp1
OR
redhatjboss_seam_2_frameworkMatch2.1.1cr1
OR
redhatjboss_seam_2_frameworkMatch2.1.1cr2
OR
redhatjboss_seam_2_frameworkMatch2.1.1ga
OR
redhatjboss_seam_2_frameworkMatch2.1.2
OR
redhatjboss_seam_2_frameworkMatch2.1.2cr1
OR
redhatjboss_seam_2_frameworkMatch2.1.2cr2
OR
redhatjboss_seam_2_frameworkMatch2.2.0cr1
OR
redhatjboss_seam_2_frameworkMatch2.2.0ga
OR
redhatjboss_seam_2_frameworkMatch2.2.1
OR
redhatjboss_seam_2_frameworkMatch2.2.1cr1
OR
redhatjboss_seam_2_frameworkMatch2.2.1cr2
OR
redhatjboss_seam_2_frameworkMatch2.2.1cr3
CPENameOperatorVersion
redhat:jboss_enterprise_application_platformredhat jboss enterprise application platformeq4.3.0
redhat:jboss_enterprise_application_platformredhat jboss enterprise application platformeq5.1.1
redhat:jboss_enterprise_soa_platformredhat jboss enterprise soa platformeq4.3.0
redhat:jboss_enterprise_soa_platformredhat jboss enterprise soa platformeq5.1.0
redhat:jboss_enterprise_web_platformredhat jboss enterprise web platformeq5.1.1
redhat:jboss_seam_2_frameworkredhat jboss seam 2 frameworkle2.2.2
redhat:jboss_seam_2_frameworkredhat jboss seam 2 frameworkeq2.0.0
redhat:jboss_seam_2_frameworkredhat jboss seam 2 frameworkeq2.0.1
redhat:jboss_seam_2_frameworkredhat jboss seam 2 frameworkeq2.0.2
redhat:jboss_seam_2_frameworkredhat jboss seam 2 frameworkeq2.0.3
Rows per page:
1-10 of 151

Related

redhat 10
nessus 7
cvelist 2
veracode 1
nvd 2
prion 2
cve 1
securityvulns 2
redhat
redhat
(RHSA-2011:0950) Important: jboss-seam2 security update
2011-07-18 00:00:00
(RHSA-2011:0945) Important: JBoss Enterprise Web Platform 5.1.1 update
2011-07-18 00:00:00
(RHSA-2011:0946) Important: JBoss Enterprise Application Platform 5.1.1 update
2011-07-18 00:00:00
nessus
nessus
RHEL 6 : JBoss EAP (RHSA-2011:0946)
2013-01-24 00:00:00
RHEL 4 : JBoss EAP (RHSA-2011:0947)
2013-01-24 00:00:00
RHEL 4 / 5 : jboss-seam2 (RHSA-2011:0950)
2013-01-24 00:00:00
cvelist
cvelist
CVE-2011-2196
2011-07-27 01:29:00
CVE-2011-1484
2011-07-27 01:00:00
veracode
veracode
Remote Code Execution (RCE)
2020-04-10 00:59:25
nvd
nvd
CVE-2011-2196
2011-07-27 02:55:01
CVE-2011-1484
2011-07-27 02:42:27
prion
prion
Input validation
2011-07-27 02:55:00
Input validation
2011-07-27 02:42:00
cve
cve
CVE-2011-1484
2011-07-27 02:42:27
securityvulns
securityvulns
[security bulletin] HPSBMU02894 rev.1 - HP Network Node Manager I (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Denial of Service (DoS), Unauthorized Access, Execution of Arbitrary Code
2013-07-29 00:00:00
HP Network Node Manager multiple security vulnerabilities
2013-07-29 00:00:00

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

Low

0.013 Low

EPSS

Percentile

86.2%

JSON
Related for CVE-2011-2196
redhat10nessus7cvelist2veracode1nvd2prion2cve1securityvulns2