VRDA Feed by JPCERT/CC
  Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis

Vulnerability Analysis Result (Revision No : 1)
CVE-2010-1871
jboss_enterprise_application_platform: JBoss Seam 2 (jboss-seam2), as used in JBoss Enterp...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1871

Original

JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize inputs for JBoss Expression Language (EL) expressions, which allows remote attackers to execute arbitrary code via a crafted URL. NOTE: this is only a vulnerability when the Java Security Manager is not properly configured.

About This Analysis Information
Analysis Information Provider: NIST NVD
First Published: 2010-08-05
Source Information Category: Advisory, Alert
Last Updated: 2010-08-05




Affected Product Tags
cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0
cpe:/o:redhat:enterprise_linux:4
cpe:/o:redhat:enterprise_linux:5
 


Vulnerability Analysis Results
Access Vector: Network
Access Complexity: Medium
Authentication: None
Confidentiality Impact: Partial
Integrity Impact: Partial
Availability Impact: Partial

References
BID 41994
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=615956
REDHAT RHSA-2010:0564
SECTRACK 1024253
VUPEN ADV-2010-1929

Vulnerability Type: Input Validation (CWE-20)





Copyright © 2010 JPCERT/CC All Rights Reserved.