Metric | Value |
---|---|
CVSS2 score | 6.8 Medium |
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
CVSS2 vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
EPSS | 0.968 High |
EPSS percentile | 99.6% |

The JBoss Seam Framework is an application framework for building web
applications in Java.

An input sanitization flaw was found in the way JBoss Seam processed
certain parametrized JBoss Expression Language (EL) expressions. A remote
attacker could use this flaw to execute arbitrary code via a URL
containing appended, specially crafted expression language parameters,
provided to certain applications based on the JBoss Seam framework. Note: A
properly configured and enabled Java Security Manager would prevent
exploitation of this flaw. (CVE-2010-1871)

Red Hat would like to thank Meder Kydyraliev of the Google Security Team
for responsibly reporting this issue.

Users of jboss-seam2 should upgrade to these updated packages, which
contain a backported patch to correct this issue. The JBoss server process
must be restarted for this update to take effect.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
RedHat | 5 | src | jboss-seam2 | < 2.0.2.FP-1.ep1.24.el5 | jboss-seam2-2.0.2.FP-1.ep1.24.el5.src.rpm |
RedHat | 5 | noarch | jboss-seam2-docs | < 2.0.2.FP-1.ep1.24.el5 | jboss-seam2-docs-2.0.2.FP-1.ep1.24.el5.noarch.rpm |
RedHat | 5 | noarch | jboss-seam2 | < 2.0.2.FP-1.ep1.24.el5 | jboss-seam2-2.0.2.FP-1.ep1.24.el5.noarch.rpm |
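
To check an inventory against the fixed build in the table above, the following added example (not part of the advisory or of Red Hat's tooling) compares NAME-VERSION-RELEASE strings, such as those printed by `rpm -q --qf '%{NAME}-%{VERSION}-%{RELEASE}\n'`, with 2.0.2.FP-1.ep1.24.el5. It assumes no epoch is set, uses a simplified form of RPM's version ordering without tilde or caret handling, and the sample inventory is constructed.

```python
import re

# Fixed build from the advisory table: anything older is affected.
FIXED_VERSION, FIXED_RELEASE = "2.0.2.FP", "1.ep1.24.el5"
ADVISORY_PACKAGES = {"jboss-seam2", "jboss-seam2-docs"}
_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")

def rpmvercmp(a, b):
    """Simplified RPM ordering: -1, 0 or 1 (no tilde/caret handling)."""
    seg_a, seg_b = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):          # numeric compare, so 9 < 24
                return 1 if int(x) > int(y) else -1
        elif x.isdigit() != y.isdigit():  # a numeric segment beats letters
            return 1 if x.isdigit() else -1
        elif x != y:                      # both alphabetic: plain string order
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))

def needs_update(nvr):
    """True if affected, False if fixed, None if not an advisory package."""
    try:
        name, version, release = nvr.strip().rsplit("-", 2)
    except ValueError:
        return None
    if name not in ADVISORY_PACKAGES:
        return None
    order = rpmvercmp(version, FIXED_VERSION) or rpmvercmp(release, FIXED_RELEASE)
    return order < 0

def audit(lines):
    """Map each advisory package found in `lines` to its update status."""
    return {l.strip(): needs_update(l) for l in lines if needs_update(l) is not None}

# Constructed sample inventory (not real host output).
SAMPLE = [
    "jboss-seam2-2.0.2.FP-1.ep1.9.el5",
    "jboss-seam2-docs-2.0.2.FP-1.ep1.24.el5",
    "httpd-2.2.3-43.el5",
]

if __name__ == "__main__":
    for nvr, stale in audit(SAMPLE).items():
        print(("UPDATE " if stale else "OK     ") + nvr)
```

A package reported as fixed still needs the JBoss server process restarted before the patched code is in use.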