Jul 18, 2011 - 4:45 p.m.

(RHSA-2011:0951) Important: jboss-seam security update

2011-07-18 16:45:21
access.redhat.com

EPSS: 0.013 Low
Percentile: 86.2%

The JBoss Seam 2 framework is an application framework for building web
applications in Java.

It was found that the fix for CVE-2011-1484 was incomplete: JBoss Seam 2
did not block access to all malicious JBoss Expression Language (EL)
constructs in page exception handling, allowing arbitrary Java methods to
be executed. A remote attacker could use this flaw to execute arbitrary
code via a specially-crafted URL provided to certain applications based on
the JBoss Seam 2 framework. Note: A properly configured and enabled Java
Security Manager would prevent exploitation of this flaw. (CVE-2011-2196)

Red Hat would like to thank the ObjectWorks+ Development Team at Nomura
Research Institute for reporting this issue.

All users of JBoss Enterprise Application Platform 4.3.0.CP09 as provided
from the Red Hat Customer Portal are advised to install this update. Refer
to the Solution section for information about installing the update.
