CVE-2010-1871
8.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize inputs for JBoss Expression Language (EL) expressions, which allows remote attackers to execute arbitrary code via a crafted URL. NOTE: this is only a vulnerability when the Java Security Manager is not properly configured.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://www.securityfocus.com/bid/41994
- http://archives.neohapsis.com/archives/bugtraq/2013-05/0117.html
- http://www.securitytracker.com/id?1024253
- http://www.vupen.com/english/advisories/2010/1929
- https://bugzilla.redhat.com/show_bug.cgi?id=615956
- https://exchange.xforce.ibmcloud.com/vulnerabilities/60794
- http://www.redhat.com/support/errata/RHSA-2010-0564.html
- https://security.netapp.com/advisory/ntap-20161017-0001/
CISA ADP Vulnrichment
- SSVC:
- Exploitation: active
- Automatable: no
- Technical Impact: total
Additional References
References
- http://www.securityfocus.com/bid/41994
- http://archives.neohapsis.com/archives/bugtraq/2013-05/0117.html
- http://www.securitytracker.com/id?1024253
- http://www.vupen.com/english/advisories/2010/1929
- https://bugzilla.redhat.com/show_bug.cgi?id=615956
- https://exchange.xforce.ibmcloud.com/vulnerabilities/60794
- http://www.redhat.com/support/errata/RHSA-2010-0564.html
- https://security.netapp.com/advisory/ntap-20161017-0001/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.