38 matches found

Packet Storm
added 2024/08/31 12:0 a.m. | 174 views

JBoss Seam 2 Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'JBoss Seam 2 Remote Command Execution', 'Description' = %q JBoss Seam 2 jboss-seam2, as used in JBoss Enterprise Application Platform 4.3.0 for R...

CVSS 8.8 | AI score 7.4 | EPSS 0.93789
Exploits: 8

CISA KEV Catalog
added 2021/12/10 12:0 a.m. | 24 views

Red Hat Linux JBoss Seam 2 Remote Code Execution Vulnerability

JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, allows attackers to perform remote code execution. This vulnerability can only be exploited when the Java Security Manager is not properly configured...

CVSS 8.8 | AI score 5.4 | EPSS 0.93789
In wild | Exploits: 8

Veracode
added 2020/04/10 12:59 a.m. | 71 views

Remote Code Execution (RCE)

JBoss Enterprise Application Platform is vulnerable to remote code execution (RCE). Due to an incomplete fix for CVE-2011-1484, JBoss Seam 2 did not block access to all malicious JBoss Expression Language (EL) constructs in page exception handling, allowing arbitrary Java methods to be executed. A...

CVSS 6.8 | AI score 3.4 | EPSS 0.01215
Exploits: 0 | References: 13 | Affected Software: 50

Check Point Advisories
added 2019/01/29 12:0 a.m. | 12 views

JBoss Seam 2 Framework Remote Code Execution (CVE-2010-1871)

An Arbitrary File Upload vulnerability exists in JBoss Seam 2 Framework. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

CVSS 6.8 | AI score 5.1 | EPSS 0.93789
Exploits: 8

Exploit DB
added 2015/04/06 12:0 a.m. | 85 views

JBoss Seam 2 - Arbitrary File Upload / Execution (Metasploit)

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/proto/http' require 'msf/core' class Metasploit3 'JBoss Seam 2 File Upload and Execute', 'Description' = %q Versions of the JBoss Seam 2 framework 2.2.1CR2...

CVSS 8.8 | AI score 8.7 | EPSS 0.93789
Exploits: 8

0day.today
added 2015/04/04 12:0 a.m. | 113 views

JBoss Seam 2 File Upload / Remote Code Execute Exploit

Versions of the JBoss Seam 2 framework prior to 2.2.1CR2 fail to properly sanitize inputs to some JBoss Expression Language expressions. As a result, attackers can gain remote code execution through the application server. This Metasploit module leverages RCE to upload and execute a meterpreter...

CVSS 6.8 | AI score 0.1 | EPSS 0.93789
Exploits: 8

Metasploit
added 2015/02/18 1:25 a.m. | 68 views

JBoss Seam 2 File Upload and Execute

Versions of the JBoss Seam 2 framework 'JBoss Seam 2 File Upload and Execute', 'Description' = %q Versions of the JBoss Seam 2 framework 2.2.1CR2 fails to properly sanitize inputs to some JBoss Expression Language expressions. As a result, attackers can gain remote code execution through the...

CVSS 8.8 | AI score 0.4 | EPSS 0.93789
Exploits: 8

NVD
added 2014/01/23 12:55 a.m. | 6 views

CVE-2013-6448

The InterfaceGenerator handler in JBoss Seam Remoting in JBoss Seam 2 framework 2.3.1 and earlier, as used in JBoss Web Framework Kit, allows remote attackers to bypass the WebRemote annotation restriction and obtain information about arbitrary classes and methods on the server classpath via...

CVSS 5 | AI score 6.6 | EPSS 0.00262
Exploits: 0 | References: 5

Prion
added 2014/01/23 12:55 a.m. | 7 views

Input validation

The InterfaceGenerator handler in JBoss Seam Remoting in JBoss Seam 2 framework 2.3.1 and earlier, as used in JBoss Web Framework Kit, allows remote attackers to bypass the WebRemote annotation restriction and obtain information about arbitrary classes and methods on the server classpath via...

CVSS 5 | AI score 7.1 | EPSS 0.00262
Exploits: 0 | References: 5 | Affected Software: 1

Prion
added 2014/01/23 12:55 a.m. | 11 views

Xxe

Multiple XML External Entity (XXE) vulnerabilities in the (1) ExecutionHandler, (2) PollHandler, and (3) SubscriptionHandler classes in JBoss Seam Remoting in JBoss Seam 2 framework 2.3.1 and earlier, as used in JBoss Web Framework Kit, allow remote attackers to read arbitrary files and possibly have oth...

CVSS 5 | AI score 7.4 | EPSS 0.0137
Exploits: 0 | References: 5 | Affected Software: 1

CVE
added 2014/01/23 12:0 a.m. | 137 views

CVE-2013-6447

The CVE-2013-6447 issue affects Red Hat JBoss Web Framework Kit 2.4.0, where the seam-remoting components (ExecutionHandler, PollHandler, SubscriptionHandler) unmarshalled untrusted XML and processed external entities, enabling an attacker to read files on the server. Red Hat’s advisory RHSA-2014...

CVSS 5 | AI score 7.1 | EPSS 0.0137
Exploits: 0 | References: 5 | Affected Software: 1

Cvelist
added 2014/01/23 12:0 a.m. | 11 views

CVE-2013-6447

Multiple XML External Entity (XXE) vulnerabilities in the (1) ExecutionHandler, (2) PollHandler, and (3) SubscriptionHandler classes in JBoss Seam Remoting in JBoss Seam 2 framework 2.3.1 and earlier, as used in JBoss Web Framework Kit, allow remote attackers to read arbitrary files and possibly have oth...

AI score 6.9 | EPSS 0.0137
Exploits: 0 | References: 5

RedHat Linux
added 2013/07/11 12:13 a.m. | 39 views

Critical: Red Hat Security Advisory: jboss-seam2 security update

Updated jboss-seam2 packages that fix one security issue are now available for Red Hat JBoss Enterprise Application Platform 4.3.0 CP10 for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring...

CVSS 7.5 | AI score 7.2 | EPSS 0.24071
Exploits: 1 | References: 2

RedHat Linux
added 2012/02/02 10:17 p.m. | 9 views

Important: Red Hat Security Advisory: JBoss Enterprise Portal Platform 4.3 CP07 update

JBoss Enterprise Portal Platform 4.3 CP07, which fixes multiple security issues and various bugs, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores,...

CVSS 6.8 | AI score 6.3 | EPSS 0.766
Exploits: 36 | References: 8

Metasploit
added 2011/11/10 4:21 p.m. | 61 views

JBoss Seam 2 Remote Command Execution

JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize inputs for JBoss Expression Language (EL) expressions, which allows remote attackers to execute arbitrary code via a crafted URL. This module has also been tested...

CVSS 8.8 | AI score 7.7 | EPSS 0.93789
Exploits: 8

RedHat Linux
added 2011/08/10 6:23 p.m. | 5 views

Important: Red Hat Security Advisory: JBoss Communications Platform 5.1.1 update

JBoss Communications Platform 5.1.1, which fixes one security issue and various bugs, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives...

CVSS 6.8 | AI score 6.2 | EPSS 0.01022
Exploits: 0 | References: 4

Prion
added 2011/07/27 2:55 a.m. | 19 views

Input validation

jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, as distributed in Red Hat JBoss Enterprise SOA Platform 4.3.0.CP05 and 5.1.0; JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3.0, 4.3.0.CP09, and 5.1.1; and JBoss Enterprise Web Platform 5.1.1, does not properly...

CVSS 6.8 | AI score 7.5 | EPSS 0.01215
Exploits: 0 | References: 10 | Affected Software: 4

NVD
added 2011/07/27 2:42 a.m. | 22 views

CVE-2011-1484

jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, as distributed in Red Hat JBoss Enterprise SOA Platform 4.3.0.CP04 and 5.1.0 and JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3.0.CP09 and 5.1.0, does not properly restrict use of Expression Language (EL) statements i...

CVSS 6.8 | AI score 7.2 | EPSS 0.01022
Exploits: 0 | References: 8

Prion
added 2011/07/27 2:42 a.m. | 17 views

Input validation

jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, as distributed in Red Hat JBoss Enterprise SOA Platform 4.3.0.CP04 and 5.1.0 and JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3.0.CP09 and 5.1.0, does not properly restrict use of Expression Language (EL) statements i...

CVSS 6.8 | AI score 7.5 | EPSS 0.01022
Exploits: 0 | References: 8 | Affected Software: 3

Cvelist
added 2011/07/27 1:29 a.m. | 35 views

CVE-2011-2196

jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, as distributed in Red Hat JBoss Enterprise SOA Platform 4.3.0.CP05 and 5.1.0; JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3.0, 4.3.0.CP09, and 5.1.1; and JBoss Enterprise Web Platform 5.1.1, does not properly...

AI score 7.3 | EPSS 0.01215
Exploits: 0 | References: 10