2 matches found
Remote Code Execution (RCE)
JBoss Enterprise Application Platform is vulnerable to remtoe code execution RCE. Due to an incomplete fix for CVE-2011-1484, JBoss Seam 2 did not block access to all malicious JBoss Expression Language EL constructs in page exception handling, allowing arbitrary Java methods to be executed. A...
Seam2: Improper sanitization of parametrized JBoss EL expressions (ACE)
JBoss Seam 2 jboss-seam2, as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize inputs for JBoss Expression Language EL expressions, which allows remote attackers to execute arbitrary code via a crafted URL. NOTE: this is only a vulnerability when th...