Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2007-6433
Last Modified 07 Mar 2011 10:02:43
Published 18 Dec 2007 03:46:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-6433

Summary

The getRenderedEjbql method in the org.jboss.seam.framework.Query class in JBoss Seam 2.x before 2.0.0.CR3 allows remote attackers to inject and execute arbitrary EJBQL commands via the order parameter.

Vulnerable Systems

Application

  • JBoss Seam 2.0.0


References

VUPEN - ADV-2007-4215

CONFIRM - http://sourceforge.net/project/shownotes.php?release_id=549490&group_id=22866

SECUNIA - 28077

OSVDB - 42631

CONFIRM - http://jira.jboss.com/jira/browse/JBSEAM-2084

BID - 26850

REDHAT - RHSA-2008:0213

REDHAT - RHSA-2008:0158

REDHAT - RHSA-2008:0151


Last Updated: 27 May 2016 10:46:30