CVE-2010-1871

JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize inputs for JBoss Expression Language (EL) expressions, which allows remote attackers to execute arbitrary code via a crafted URL. NOTE: this is only a vulnerability when the Java Security Manager is not properly configured.

Published: Aug 5, 2010
Updated: Jul 25, 2024
CVE: CVE-2010-1871
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-20
CWE-917

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
redhat / jboss_enterprise_application_platform	4.3.0	4.3.0.x

http://archives.neohapsis.com/archives/bugtraq/2013-05/0117.html
http://www.redhat.com/support/errata/RHSA-2010-0564.html
http://www.securityfocus.com/bid/41994
http://www.securitytracker.com/id?1024253
http://www.vupen.com/english/advisories/2010/1929
https://bugzilla.redhat.com/show_bug.cgi?id=615956
https://exchange.xforce.ibmcloud.com/vulnerabilities/60794
https://security.netapp.com/advisory/ntap-20161017-0001/

Vulnerability Database

289,599

CVE-2010-1871