Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.8
CVE Id CVE-2011-1484
Last Modified 25 Oct 2011 10:58:19
Published 26 Jul 2011 10:42:27
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-1484

Summary

jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, as distributed in Red Hat JBoss Enterprise SOA Platform 4.3.0.CP04 and 5.1.0 and JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3.0.CP09 and 5.1.0, does not properly restrict use of Expression Language (EL) statements in FacesMessages during page exception handling, which allows remote attackers to execute arbitrary Java code via a crafted URL to an application.

Vulnerable Systems

Application

  • Red Hat JBoss Enterprise Application Platform 4.3.0
  • Red Hat JBoss Enterprise Application Platform 5.1.0
  • Red Hat JBoss Enterprise SOA Platform 4.3.0
  • Red Hat JBoss Enterprise SOA Platform 5.1.0
  • Red Hat JBoss Seam 2 Framework 2.0.0
  • Red Hat JBoss Seam 2 Framework 2.0.1
  • Red Hat JBoss Seam 2 Framework 2.0.2
  • Red Hat JBoss Seam 2 Framework 2.0.3
  • Red Hat JBoss Seam 2 Framework 2.1.0
  • Red Hat JBoss Seam 2 Framework 2.1.1
  • Red Hat JBoss Seam 2 Framework 2.1.2
  • Red Hat JBoss Seam 2 Framework 2.2.0
  • Red Hat JBoss Seam 2 Framework 2.2.1
  • Red Hat JBoss Seam 2 Framework 2.2.2


References

CONFIRM - https://docs.redhat.com/docs/en-US/JBoss_Communications_Platform/5.1/html/5.1.1_Release_Notes/ar01s05.html

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=692421

REDHAT - RHSA-2011:1251

REDHAT - RHSA-2011:1148

REDHAT - RHSA-2011:0463

REDHAT - RHSA-2011:0462

REDHAT - RHSA-2011:0461

REDHAT - RHSA-2011:0460


Last Updated: 27 May 2016 10:56:21