Vulnerabilites related to redhat - jboss_seam_2_framework
CVE-2013-6447 (GCVE-0-2013-6447)
Vulnerability from cvelistv5
Published
2014-01-23 00:00
Modified
2024-08-06 17:39
Severity ?
EPSS score ?
Summary
Multiple XML External Entity (XXE) vulnerabilities in the (1) ExecutionHandler, (2) PollHandler, and (3) SubscriptionHandler classes in JBoss Seam Remoting in JBoss Seam 2 framework 2.3.1 and earlier, as used in JBoss Web Framework Kit, allow remote attackers to read arbitrary files and possibly have other impacts via a crafted XML file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1029652 | vdb-entry, x_refsource_SECTRACK | |
| https://github.com/seam2/jboss-seam/commit/090aa6252affc978a96c388e3fc2c1c2688d9bb5 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/56572 | third-party-advisory, x_refsource_SECUNIA | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1044784 | x_refsource_CONFIRM | |
| http://rhn.redhat.com/errata/RHSA-2014-0045.html | vendor-advisory, x_refsource_REDHAT |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T17:39:01.202Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1029652", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1029652", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/seam2/jboss-seam/commit/090aa6252affc978a96c388e3fc2c1c2688d9bb5", }, { name: "56572", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/56572", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1044784", }, { name: "RHSA-2014:0045", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2014-0045.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2014-01-20T00:00:00", descriptions: [ { lang: "en", value: "Multiple XML External Entity (XXE) vulnerabilities in the (1) ExecutionHandler, (2) PollHandler, and (3) SubscriptionHandler classes in JBoss Seam Remoting in JBoss Seam 2 framework 2.3.1 and earlier, as used in JBoss Web Framework Kit, allow remote attackers to read arbitrary files and possibly have other impacts via a crafted XML file.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2014-01-22T23:57:00", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "1029652", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1029652", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/seam2/jboss-seam/commit/090aa6252affc978a96c388e3fc2c1c2688d9bb5", }, { name: "56572", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/56572", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1044784", }, { name: "RHSA-2014:0045", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2014-0045.html", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2013-6447", datePublished: "2014-01-23T00:00:00", dateReserved: "2013-11-04T00:00:00", dateUpdated: "2024-08-06T17:39:01.202Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2011-1484 (GCVE-0-2011-1484)
Vulnerability from cvelistv5
Published
2011-07-27 01:00
Modified
2024-08-06 22:28
Severity ?
EPSS score ?
Summary
jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, as distributed in Red Hat JBoss Enterprise SOA Platform 4.3.0.CP04 and 5.1.0 and JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3.0.CP09 and 5.1.0, does not properly restrict use of Expression Language (EL) statements in FacesMessages during page exception handling, which allows remote attackers to execute arbitrary Java code via a crafted URL to an application.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.redhat.com/support/errata/RHSA-2011-1251.html | vendor-advisory, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=692421 | x_refsource_CONFIRM | |
| http://www.redhat.com/support/errata/RHSA-2011-0462.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.redhat.com/support/errata/RHSA-2011-0463.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.redhat.com/support/errata/RHSA-2011-0461.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.redhat.com/support/errata/RHSA-2011-0460.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.redhat.com/support/errata/RHSA-2011-1148.html | vendor-advisory, x_refsource_REDHAT | |
| https://docs.redhat.com/docs/en-US/JBoss_Communications_Platform/5.1/html/5.1.1_Release_Notes/ar01s05.html | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T22:28:41.792Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2011:1251", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2011-1251.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=692421", }, { name: "RHSA-2011:0462", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2011-0462.html", }, { name: "RHSA-2011:0463", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2011-0463.html", }, { name: "RHSA-2011:0461", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2011-0461.html", }, { name: "RHSA-2011:0460", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2011-0460.html", }, { name: "RHSA-2011:1148", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2011-1148.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://docs.redhat.com/docs/en-US/JBoss_Communications_Platform/5.1/html/5.1.1_Release_Notes/ar01s05.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2011-04-20T00:00:00", descriptions: [ { lang: "en", value: "jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, as distributed in Red Hat JBoss Enterprise SOA Platform 4.3.0.CP04 and 5.1.0 and JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3.0.CP09 and 5.1.0, does not properly restrict use of Expression Language (EL) statements in FacesMessages during page exception handling, which allows remote attackers to execute arbitrary Java code via a crafted URL to an application.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2011-08-23T09:00:00", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2011:1251", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2011-1251.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=692421", }, { name: "RHSA-2011:0462", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2011-0462.html", }, { name: "RHSA-2011:0463", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2011-0463.html", }, { name: "RHSA-2011:0461", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2011-0461.html", }, { name: "RHSA-2011:0460", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2011-0460.html", }, { name: "RHSA-2011:1148", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2011-1148.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://docs.redhat.com/docs/en-US/JBoss_Communications_Platform/5.1/html/5.1.1_Release_Notes/ar01s05.html", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2011-1484", datePublished: "2011-07-27T01:00:00", dateReserved: "2011-03-21T00:00:00", dateUpdated: "2024-08-06T22:28:41.792Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2013-6448 (GCVE-0-2013-6448)
Vulnerability from cvelistv5
Published
2014-01-23 00:00
Modified
2024-08-06 17:39
Severity ?
EPSS score ?
Summary
The InterfaceGenerator handler in JBoss Seam Remoting in JBoss Seam 2 framework 2.3.1 and earlier, as used in JBoss Web Framework Kit, allows remote attackers to bypass the WebRemote annotation restriction and obtain information about arbitrary classes and methods on the server classpath via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1029652 | vdb-entry, x_refsource_SECTRACK | |
| https://github.com/seam2/jboss-seam/commit/090aa6252affc978a96c388e3fc2c1c2688d9bb5 | x_refsource_CONFIRM | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1044794 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/56572 | third-party-advisory, x_refsource_SECUNIA | |
| http://rhn.redhat.com/errata/RHSA-2014-0045.html | vendor-advisory, x_refsource_REDHAT |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T17:39:01.443Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1029652", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1029652", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/seam2/jboss-seam/commit/090aa6252affc978a96c388e3fc2c1c2688d9bb5", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1044794", }, { name: "56572", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/56572", }, { name: "RHSA-2014:0045", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2014-0045.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2014-01-20T00:00:00", descriptions: [ { lang: "en", value: "The InterfaceGenerator handler in JBoss Seam Remoting in JBoss Seam 2 framework 2.3.1 and earlier, as used in JBoss Web Framework Kit, allows remote attackers to bypass the WebRemote annotation restriction and obtain information about arbitrary classes and methods on the server classpath via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2014-01-22T23:57:00", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "1029652", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1029652", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/seam2/jboss-seam/commit/090aa6252affc978a96c388e3fc2c1c2688d9bb5", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1044794", }, { name: "56572", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/56572", }, { name: "RHSA-2014:0045", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2014-0045.html", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2013-6448", datePublished: "2014-01-23T00:00:00", dateReserved: "2013-11-04T00:00:00", dateUpdated: "2024-08-06T17:39:01.443Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2011-2196 (GCVE-0-2011-2196)
Vulnerability from cvelistv5
Published
2011-07-27 01:29
Modified
2024-08-06 22:53
Severity ?
EPSS score ?
Summary
jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, as distributed in Red Hat JBoss Enterprise SOA Platform 4.3.0.CP05 and 5.1.0; JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3.0, 4.3.0.CP09, and 5.1.1; and JBoss Enterprise Web Platform 5.1.1, does not properly restrict use of Expression Language (EL) statements in FacesMessages during page exception handling, which allows remote attackers to execute arbitrary Java code via a crafted URL to an application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1484.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/48716 | vdb-entry, x_refsource_BID | |
| http://www.redhat.com/support/errata/RHSA-2011-0946.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.redhat.com/support/errata/RHSA-2011-0948.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.redhat.com/support/errata/RHSA-2011-0949.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.redhat.com/support/errata/RHSA-2011-0951.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.redhat.com/support/errata/RHSA-2011-0945.html | vendor-advisory, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=712283 | x_refsource_CONFIRM | |
| http://www.redhat.com/support/errata/RHSA-2011-0950.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.redhat.com/support/errata/RHSA-2011-0947.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.redhat.com/support/errata/RHSA-2011-0952.html | vendor-advisory, x_refsource_REDHAT |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T22:53:17.482Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "48716", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/48716", }, { name: "RHSA-2011:0946", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2011-0946.html", }, { name: "RHSA-2011:0948", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2011-0948.html", }, { name: "RHSA-2011:0949", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2011-0949.html", }, { name: "RHSA-2011:0951", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2011-0951.html", }, { name: "RHSA-2011:0945", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2011-0945.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=712283", }, { name: "RHSA-2011:0950", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2011-0950.html", }, { name: "RHSA-2011:0947", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2011-0947.html", }, { name: "RHSA-2011:0952", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2011-0952.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, as distributed in Red Hat JBoss Enterprise SOA Platform 4.3.0.CP05 and 5.1.0; JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3.0, 4.3.0.CP09, and 5.1.1; and JBoss Enterprise Web Platform 5.1.1, does not properly restrict use of Expression Language (EL) statements in FacesMessages during page exception handling, which allows remote attackers to execute arbitrary Java code via a crafted URL to an application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1484.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2011-07-27T01:29:00Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "48716", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/48716", }, { name: "RHSA-2011:0946", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2011-0946.html", }, { name: "RHSA-2011:0948", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2011-0948.html", }, { name: "RHSA-2011:0949", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2011-0949.html", }, { name: "RHSA-2011:0951", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2011-0951.html", }, { name: "RHSA-2011:0945", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2011-0945.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=712283", }, { name: "RHSA-2011:0950", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2011-0950.html", }, { name: "RHSA-2011:0947", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2011-0947.html", }, { name: "RHSA-2011:0952", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2011-0952.html", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2011-2196", datePublished: "2011-07-27T01:29:00Z", dateReserved: "2011-05-31T00:00:00Z", dateUpdated: "2024-08-06T22:53:17.482Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2014-01-23 00:55
Modified
2025-04-11 00:51
Severity ?
Summary
Multiple XML External Entity (XXE) vulnerabilities in the (1) ExecutionHandler, (2) PollHandler, and (3) SubscriptionHandler classes in JBoss Seam Remoting in JBoss Seam 2 framework 2.3.1 and earlier, as used in JBoss Web Framework Kit, allow remote attackers to read arbitrary files and possibly have other impacts via a crafted XML file.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:*:*:*:*:*:*:*:*", matchCriteriaId: "D364080C-85B8-46A0-B5C7-1590DAF98320", versionEndIncluding: "2.3.1", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.0:beta1:*:*:*:*:*:*", matchCriteriaId: "4664C66E-3F4B-471E-AAC9-276834A55499", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.0:cr1:*:*:*:*:*:*", matchCriteriaId: "43CACD28-B9A3-46D5-BA99-AA578F51D693", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.0:cr2:*:*:*:*:*:*", matchCriteriaId: "1A4951C4-8941-4A7F-B742-B50A812CC4B5", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.0:cr3:*:*:*:*:*:*", matchCriteriaId: "1A83D0E2-C724-47D1-9A98-7ACADA8810DA", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.0:ga:*:*:*:*:*:*", matchCriteriaId: "56B7E191-8A62-4BDE-90A4-192BA5696A39", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.1:cr1:*:*:*:*:*:*", matchCriteriaId: "4A027797-81BC-4826-BBCC-C5EAEAB3E503", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.1:cr2:*:*:*:*:*:*", matchCriteriaId: "67F9B8C2-D2BE-4B4A-829C-528EC716C3FF", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.1:ga:*:*:*:*:*:*", matchCriteriaId: "D38126DF-747B-4892-9B63-E7E35F98C760", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.2:cr1:*:*:*:*:*:*", matchCriteriaId: "ECD78557-9403-496D-8512-FA693E291164", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.2:cr2:*:*:*:*:*:*", matchCriteriaId: "CB076878-0465-44C7-AE59-C9584B3CEE1F", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.2:ga:*:*:*:*:*:*", matchCriteriaId: "F682D85A-5B8C-4F83-BABD-9D28775C3776", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.2:sp1:*:*:*:*:*:*", matchCriteriaId: "43DA16B0-8E35-444D-B0BC-6774BBEC9E49", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.3:cr1:*:*:*:*:*:*", matchCriteriaId: "D249483C-D9F2-474F-9DDD-775CA573A642", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.1.0:alpha1:*:*:*:*:*:*", matchCriteriaId: "C5BD9104-7BE9-420F-8DB2-C07748941254", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.1.0:beta1:*:*:*:*:*:*", matchCriteriaId: "A6513765-FEB9-4D7E-AE29-E479707AED02", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.1.0:cr1:*:*:*:*:*:*", matchCriteriaId: "42291710-D8D1-4C77-8A62-E0B80BA3D5AB", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.1.0:ga:*:*:*:*:*:*", matchCriteriaId: "0BBFD756-FF7B-4163-9924-CC922A7EA1AF", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.1.0:sp1:*:*:*:*:*:*", matchCriteriaId: "226579DC-5DFE-4778-9871-4137B556D3A3", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.1.1:cr1:*:*:*:*:*:*", matchCriteriaId: "CB03E6D7-1A07-49EB-AB21-E136132BDF1E", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.1.1:cr2:*:*:*:*:*:*", matchCriteriaId: "68FE6392-8774-4534-8903-BE9154FE2795", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.1.1:ga:*:*:*:*:*:*", matchCriteriaId: "9F98F783-0AB2-41BE-8B07-D62438824541", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.1.2:*:*:*:*:*:*:*", matchCriteriaId: "7A206D39-DBF9-4B14-8703-9081682A1EEE", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.1.2:cr1:*:*:*:*:*:*", matchCriteriaId: "32B2FE67-27F7-4BF7-A78A-0A5FAAADFE20", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.1.2:cr2:*:*:*:*:*:*", matchCriteriaId: "1371416C-30C8-47A6-8A0C-F4E37875BE8F", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.2.0:cr1:*:*:*:*:*:*", matchCriteriaId: "CA790538-865A-4249-B6F9-F0CEC5818E57", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.2.0:ga:*:*:*:*:*:*", matchCriteriaId: "62AB605C-3102-4425-A563-817445B2F187", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.2.1:*:*:*:*:*:*:*", matchCriteriaId: "0E6F5051-BF57-44EA-942F-9E74A06D8B45", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.2.1:cr1:*:*:*:*:*:*", matchCriteriaId: "0FD6DFE0-4FC8-4311-A724-666AA48A64C5", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.2.1:cr2:*:*:*:*:*:*", matchCriteriaId: "EB833625-4D55-4BFE-A05C-5650D342C461", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.2.1:cr3:*:*:*:*:*:*", matchCriteriaId: "CB5F7791-FC8F-4E6C-B14D-A31D69086895", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.2.2:*:*:*:*:*:*:*", matchCriteriaId: "A42F5033-9365-44D7-8B42-A6367456ED8F", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.3.0:*:*:*:*:*:*:*", matchCriteriaId: "04C1DC31-7337-4C24-9DA0-A79D0D442D5A", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.3.0:alpha:*:*:*:*:*:*", matchCriteriaId: "7376B2C4-542E-42CE-9970-749B78A30571", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.3.0:beta1:*:*:*:*:*:*", matchCriteriaId: "73C2733D-BA18-4E56-9E08-9F334C7DAAF5", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.3.0:beta2:*:*:*:*:*:*", matchCriteriaId: "AFFFDD3E-CBEC-461B-80D8-45EBD04CAE09", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.3.0:cr1:*:*:*:*:*:*", matchCriteriaId: "A5608CA4-7E53-471E-BCD3-F8EA13839557", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.3.1:cr1:*:*:*:*:*:*", matchCriteriaId: "24546C35-AAEF-40DE-889A-8AA50D25968C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple XML External Entity (XXE) vulnerabilities in the (1) ExecutionHandler, (2) PollHandler, and (3) SubscriptionHandler classes in JBoss Seam Remoting in JBoss Seam 2 framework 2.3.1 and earlier, as used in JBoss Web Framework Kit, allow remote attackers to read arbitrary files and possibly have other impacts via a crafted XML file.", }, { lang: "es", value: "Múltiples vulnerabilidades de XXE en las clases (1) ExecutionHandler, (2) PollHandler, y (3) SubscriptionHandler en JBoss Seam Remoting de JBoss Seam 2 framework 2.3.1 y anteriores versiones, tal como se usa en JBoss Web Framework Kit, permite a atancantes remotos leer archivos arbitrarios y posiblemente tener otros impactos a través de un archivo XML manipulado.", }, ], id: "CVE-2013-6447", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2014-01-23T00:55:03.347", references: [ { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2014-0045.html", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/56572", }, { source: "secalert@redhat.com", url: "http://www.securitytracker.com/id/1029652", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1044784", }, { source: "secalert@redhat.com", url: "https://github.com/seam2/jboss-seam/commit/090aa6252affc978a96c388e3fc2c1c2688d9bb5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2014-0045.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/56572", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1029652", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1044784", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/seam2/jboss-seam/commit/090aa6252affc978a96c388e3fc2c1c2688d9bb5", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2014-01-23 00:55
Modified
2025-04-11 00:51
Severity ?
Summary
The InterfaceGenerator handler in JBoss Seam Remoting in JBoss Seam 2 framework 2.3.1 and earlier, as used in JBoss Web Framework Kit, allows remote attackers to bypass the WebRemote annotation restriction and obtain information about arbitrary classes and methods on the server classpath via unspecified vectors.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:*:*:*:*:*:*:*:*", matchCriteriaId: "D364080C-85B8-46A0-B5C7-1590DAF98320", versionEndIncluding: "2.3.1", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.0:beta1:*:*:*:*:*:*", matchCriteriaId: "4664C66E-3F4B-471E-AAC9-276834A55499", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.0:cr1:*:*:*:*:*:*", matchCriteriaId: "43CACD28-B9A3-46D5-BA99-AA578F51D693", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.0:cr2:*:*:*:*:*:*", matchCriteriaId: "1A4951C4-8941-4A7F-B742-B50A812CC4B5", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.0:cr3:*:*:*:*:*:*", matchCriteriaId: "1A83D0E2-C724-47D1-9A98-7ACADA8810DA", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.0:ga:*:*:*:*:*:*", matchCriteriaId: "56B7E191-8A62-4BDE-90A4-192BA5696A39", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.1:cr1:*:*:*:*:*:*", matchCriteriaId: "4A027797-81BC-4826-BBCC-C5EAEAB3E503", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.1:cr2:*:*:*:*:*:*", matchCriteriaId: "67F9B8C2-D2BE-4B4A-829C-528EC716C3FF", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.1:ga:*:*:*:*:*:*", matchCriteriaId: "D38126DF-747B-4892-9B63-E7E35F98C760", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.2:cr1:*:*:*:*:*:*", matchCriteriaId: "ECD78557-9403-496D-8512-FA693E291164", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.2:cr2:*:*:*:*:*:*", matchCriteriaId: "CB076878-0465-44C7-AE59-C9584B3CEE1F", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.2:ga:*:*:*:*:*:*", matchCriteriaId: "F682D85A-5B8C-4F83-BABD-9D28775C3776", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.2:sp1:*:*:*:*:*:*", matchCriteriaId: "43DA16B0-8E35-444D-B0BC-6774BBEC9E49", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.3:cr1:*:*:*:*:*:*", matchCriteriaId: "D249483C-D9F2-474F-9DDD-775CA573A642", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.1.0:alpha1:*:*:*:*:*:*", matchCriteriaId: "C5BD9104-7BE9-420F-8DB2-C07748941254", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.1.0:beta1:*:*:*:*:*:*", matchCriteriaId: "A6513765-FEB9-4D7E-AE29-E479707AED02", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.1.0:cr1:*:*:*:*:*:*", matchCriteriaId: "42291710-D8D1-4C77-8A62-E0B80BA3D5AB", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.1.0:ga:*:*:*:*:*:*", matchCriteriaId: "0BBFD756-FF7B-4163-9924-CC922A7EA1AF", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.1.0:sp1:*:*:*:*:*:*", matchCriteriaId: "226579DC-5DFE-4778-9871-4137B556D3A3", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.1.1:cr1:*:*:*:*:*:*", matchCriteriaId: "CB03E6D7-1A07-49EB-AB21-E136132BDF1E", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.1.1:cr2:*:*:*:*:*:*", matchCriteriaId: "68FE6392-8774-4534-8903-BE9154FE2795", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.1.1:ga:*:*:*:*:*:*", matchCriteriaId: "9F98F783-0AB2-41BE-8B07-D62438824541", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.1.2:*:*:*:*:*:*:*", matchCriteriaId: "7A206D39-DBF9-4B14-8703-9081682A1EEE", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.1.2:cr1:*:*:*:*:*:*", matchCriteriaId: "32B2FE67-27F7-4BF7-A78A-0A5FAAADFE20", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.1.2:cr2:*:*:*:*:*:*", matchCriteriaId: "1371416C-30C8-47A6-8A0C-F4E37875BE8F", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.2.0:cr1:*:*:*:*:*:*", matchCriteriaId: "CA790538-865A-4249-B6F9-F0CEC5818E57", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.2.0:ga:*:*:*:*:*:*", matchCriteriaId: "62AB605C-3102-4425-A563-817445B2F187", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.2.1:*:*:*:*:*:*:*", matchCriteriaId: "0E6F5051-BF57-44EA-942F-9E74A06D8B45", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.2.1:cr1:*:*:*:*:*:*", matchCriteriaId: "0FD6DFE0-4FC8-4311-A724-666AA48A64C5", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.2.1:cr2:*:*:*:*:*:*", matchCriteriaId: "EB833625-4D55-4BFE-A05C-5650D342C461", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.2.1:cr3:*:*:*:*:*:*", matchCriteriaId: "CB5F7791-FC8F-4E6C-B14D-A31D69086895", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.2.2:*:*:*:*:*:*:*", matchCriteriaId: "A42F5033-9365-44D7-8B42-A6367456ED8F", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.3.0:*:*:*:*:*:*:*", matchCriteriaId: "04C1DC31-7337-4C24-9DA0-A79D0D442D5A", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.3.0:alpha:*:*:*:*:*:*", matchCriteriaId: "7376B2C4-542E-42CE-9970-749B78A30571", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.3.0:beta1:*:*:*:*:*:*", matchCriteriaId: "73C2733D-BA18-4E56-9E08-9F334C7DAAF5", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.3.0:beta2:*:*:*:*:*:*", matchCriteriaId: "AFFFDD3E-CBEC-461B-80D8-45EBD04CAE09", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.3.0:cr1:*:*:*:*:*:*", matchCriteriaId: "A5608CA4-7E53-471E-BCD3-F8EA13839557", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.3.1:cr1:*:*:*:*:*:*", matchCriteriaId: "24546C35-AAEF-40DE-889A-8AA50D25968C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The InterfaceGenerator handler in JBoss Seam Remoting in JBoss Seam 2 framework 2.3.1 and earlier, as used in JBoss Web Framework Kit, allows remote attackers to bypass the WebRemote annotation restriction and obtain information about arbitrary classes and methods on the server classpath via unspecified vectors.", }, { lang: "es", value: "El manejador InterfaceGenerator en JBoss Seam Remoting en JBoss Seam 2 framework 2.3.1 y anteriores versiones, tal como se usa en JBoss Web Framework Kit, permite a atacantes remotos evadir la restricción de anotación de WebRemote y obtener información sobre clases y métodos arbitrarios en el servidor classpath a través de vectores no especificados.", }, ], id: "CVE-2013-6448", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2014-01-23T00:55:03.380", references: [ { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2014-0045.html", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/56572", }, { source: "secalert@redhat.com", url: "http://www.securitytracker.com/id/1029652", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1044794", }, { source: "secalert@redhat.com", url: "https://github.com/seam2/jboss-seam/commit/090aa6252affc978a96c388e3fc2c1c2688d9bb5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2014-0045.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/56572", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1029652", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1044794", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/seam2/jboss-seam/commit/090aa6252affc978a96c388e3fc2c1c2688d9bb5", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2011-07-27 02:55
Modified
2025-04-11 00:51
Severity ?
Summary
jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, as distributed in Red Hat JBoss Enterprise SOA Platform 4.3.0.CP05 and 5.1.0; JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3.0, 4.3.0.CP09, and 5.1.1; and JBoss Enterprise Web Platform 5.1.1, does not properly restrict use of Expression Language (EL) statements in FacesMessages during page exception handling, which allows remote attackers to execute arbitrary Java code via a crafted URL to an application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1484.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:*:*:*:*:*:*:*", matchCriteriaId: "E82B2AD8-967D-4ABE-982B-87B9DE73F8D6", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp09:*:*:*:*:*:*", matchCriteriaId: "FA7424BA-1E18-4267-9697-F4560BE75359", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.1.1:*:*:*:*:*:*:*", matchCriteriaId: "C13890AE-5FDE-4698-8A2E-1B2FA0A313AF", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.3.0:cp05:*:*:*:*:*:*", matchCriteriaId: "67BD448A-745D-4387-ABC8-A18DF142574D", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:5.1.0:*:*:*:*:*:*:*", matchCriteriaId: "2B72D56E-DE3C-4383-906D-F3DCD9D09CC9", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_enterprise_web_platform:5.1.1:*:*:*:*:*:*:*", matchCriteriaId: "F20B8708-8EC6-4B0E-9693-131F91A4FC15", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:*:*:*:*:*:*:*:*", matchCriteriaId: "BB8AAFEA-2C73-460E-AAF3-C076041C7335", versionEndIncluding: "2.2.2", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.0:beta1:*:*:*:*:*:*", matchCriteriaId: "4664C66E-3F4B-471E-AAC9-276834A55499", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.0:cr1:*:*:*:*:*:*", matchCriteriaId: "43CACD28-B9A3-46D5-BA99-AA578F51D693", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.0:cr2:*:*:*:*:*:*", matchCriteriaId: "1A4951C4-8941-4A7F-B742-B50A812CC4B5", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.0:cr3:*:*:*:*:*:*", matchCriteriaId: "1A83D0E2-C724-47D1-9A98-7ACADA8810DA", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.0:ga:*:*:*:*:*:*", matchCriteriaId: "56B7E191-8A62-4BDE-90A4-192BA5696A39", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.1:cr1:*:*:*:*:*:*", matchCriteriaId: "4A027797-81BC-4826-BBCC-C5EAEAB3E503", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.1:cr2:*:*:*:*:*:*", matchCriteriaId: "67F9B8C2-D2BE-4B4A-829C-528EC716C3FF", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.1:ga:*:*:*:*:*:*", matchCriteriaId: "D38126DF-747B-4892-9B63-E7E35F98C760", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.2:cr1:*:*:*:*:*:*", matchCriteriaId: "ECD78557-9403-496D-8512-FA693E291164", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.2:cr2:*:*:*:*:*:*", matchCriteriaId: "CB076878-0465-44C7-AE59-C9584B3CEE1F", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.2:ga:*:*:*:*:*:*", matchCriteriaId: "F682D85A-5B8C-4F83-BABD-9D28775C3776", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.2:sp1:*:*:*:*:*:*", matchCriteriaId: "43DA16B0-8E35-444D-B0BC-6774BBEC9E49", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.3:cr1:*:*:*:*:*:*", matchCriteriaId: "D249483C-D9F2-474F-9DDD-775CA573A642", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.1.0:alpha1:*:*:*:*:*:*", matchCriteriaId: "C5BD9104-7BE9-420F-8DB2-C07748941254", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.1.0:beta1:*:*:*:*:*:*", matchCriteriaId: "A6513765-FEB9-4D7E-AE29-E479707AED02", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.1.0:cr1:*:*:*:*:*:*", matchCriteriaId: "42291710-D8D1-4C77-8A62-E0B80BA3D5AB", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.1.0:ga:*:*:*:*:*:*", matchCriteriaId: "0BBFD756-FF7B-4163-9924-CC922A7EA1AF", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.1.0:sp1:*:*:*:*:*:*", matchCriteriaId: "226579DC-5DFE-4778-9871-4137B556D3A3", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.1.1:cr1:*:*:*:*:*:*", matchCriteriaId: "CB03E6D7-1A07-49EB-AB21-E136132BDF1E", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.1.1:cr2:*:*:*:*:*:*", matchCriteriaId: "68FE6392-8774-4534-8903-BE9154FE2795", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.1.1:ga:*:*:*:*:*:*", matchCriteriaId: "9F98F783-0AB2-41BE-8B07-D62438824541", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.1.2:*:*:*:*:*:*:*", matchCriteriaId: "7A206D39-DBF9-4B14-8703-9081682A1EEE", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.1.2:cr1:*:*:*:*:*:*", matchCriteriaId: "32B2FE67-27F7-4BF7-A78A-0A5FAAADFE20", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.1.2:cr2:*:*:*:*:*:*", matchCriteriaId: "1371416C-30C8-47A6-8A0C-F4E37875BE8F", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.2.0:cr1:*:*:*:*:*:*", matchCriteriaId: "CA790538-865A-4249-B6F9-F0CEC5818E57", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.2.0:ga:*:*:*:*:*:*", matchCriteriaId: "62AB605C-3102-4425-A563-817445B2F187", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.2.1:*:*:*:*:*:*:*", matchCriteriaId: "0E6F5051-BF57-44EA-942F-9E74A06D8B45", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.2.1:cr1:*:*:*:*:*:*", matchCriteriaId: "0FD6DFE0-4FC8-4311-A724-666AA48A64C5", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.2.1:cr2:*:*:*:*:*:*", matchCriteriaId: "EB833625-4D55-4BFE-A05C-5650D342C461", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.2.1:cr3:*:*:*:*:*:*", matchCriteriaId: "CB5F7791-FC8F-4E6C-B14D-A31D69086895", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, as distributed in Red Hat JBoss Enterprise SOA Platform 4.3.0.CP05 and 5.1.0; JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3.0, 4.3.0.CP09, and 5.1.1; and JBoss Enterprise Web Platform 5.1.1, does not properly restrict use of Expression Language (EL) statements in FacesMessages during page exception handling, which allows remote attackers to execute arbitrary Java code via a crafted URL to an application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1484.", }, { lang: "es", value: "jboss-seam.jar en el framework de JBoss Seam 2 v2.2.x y anteriores, como el distribuido en Red Hat JBoss Enterprise SOA Platform v4.3.0.CP05 y v5.1.0; JBoss Enterprise Application Platform (también conocido como JBoss EAP o JBEAP) v4.3.0, v4.3.0.CP09, y v5.1.1; y JBoss Enterprise Web Platform v5.1.1, no restringen el uso de elementos Expression Language (EL) en FacesMessages durante la gestión de la página de excepción, lo que permite a atacantes remotos ejecutar código Java a través de una URL manipulada para una aplicación. NOTA: esta vulnerabilidad existe debido a una solución incompleta para CVE-2011-1484.", }, ], id: "CVE-2011-2196", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2011-07-27T02:55:01.743", references: [ { source: "secalert@redhat.com", url: "http://www.redhat.com/support/errata/RHSA-2011-0945.html", }, { source: "secalert@redhat.com", url: "http://www.redhat.com/support/errata/RHSA-2011-0946.html", }, { source: "secalert@redhat.com", url: "http://www.redhat.com/support/errata/RHSA-2011-0947.html", }, { source: "secalert@redhat.com", url: "http://www.redhat.com/support/errata/RHSA-2011-0948.html", }, { source: "secalert@redhat.com", url: "http://www.redhat.com/support/errata/RHSA-2011-0949.html", }, { source: "secalert@redhat.com", url: "http://www.redhat.com/support/errata/RHSA-2011-0950.html", }, { source: "secalert@redhat.com", url: "http://www.redhat.com/support/errata/RHSA-2011-0951.html", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2011-0952.html", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/48716", }, { source: "secalert@redhat.com", url: "https://bugzilla.redhat.com/show_bug.cgi?id=712283", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2011-0945.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2011-0946.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2011-0947.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2011-0948.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2011-0949.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2011-0950.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2011-0951.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2011-0952.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/48716", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.redhat.com/show_bug.cgi?id=712283", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2011-07-27 02:42
Modified
2025-04-11 00:51
Severity ?
Summary
jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, as distributed in Red Hat JBoss Enterprise SOA Platform 4.3.0.CP04 and 5.1.0 and JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3.0.CP09 and 5.1.0, does not properly restrict use of Expression Language (EL) statements in FacesMessages during page exception handling, which allows remote attackers to execute arbitrary Java code via a crafted URL to an application.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp09:*:*:*:*:*:*", matchCriteriaId: "FA7424BA-1E18-4267-9697-F4560BE75359", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.1.0:*:*:*:*:*:*:*", matchCriteriaId: "972C5C87-E982-44A5-866D-FDEACB5203B8", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.3.0:cp04:*:*:*:*:*:*", matchCriteriaId: "23F0650B-C39D-4C7D-8BB9-BBA951BA8AAE", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:5.1.0:*:*:*:*:*:*:*", matchCriteriaId: "2B72D56E-DE3C-4383-906D-F3DCD9D09CC9", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:*:*:*:*:*:*:*:*", matchCriteriaId: "BB8AAFEA-2C73-460E-AAF3-C076041C7335", versionEndIncluding: "2.2.2", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.0:beta1:*:*:*:*:*:*", matchCriteriaId: "4664C66E-3F4B-471E-AAC9-276834A55499", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.0:cr1:*:*:*:*:*:*", matchCriteriaId: "43CACD28-B9A3-46D5-BA99-AA578F51D693", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.0:cr2:*:*:*:*:*:*", matchCriteriaId: "1A4951C4-8941-4A7F-B742-B50A812CC4B5", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.0:cr3:*:*:*:*:*:*", matchCriteriaId: "1A83D0E2-C724-47D1-9A98-7ACADA8810DA", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.0:ga:*:*:*:*:*:*", matchCriteriaId: "56B7E191-8A62-4BDE-90A4-192BA5696A39", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.1:cr1:*:*:*:*:*:*", matchCriteriaId: "4A027797-81BC-4826-BBCC-C5EAEAB3E503", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.1:cr2:*:*:*:*:*:*", matchCriteriaId: "67F9B8C2-D2BE-4B4A-829C-528EC716C3FF", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.1:ga:*:*:*:*:*:*", matchCriteriaId: "D38126DF-747B-4892-9B63-E7E35F98C760", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.2:cr1:*:*:*:*:*:*", matchCriteriaId: "ECD78557-9403-496D-8512-FA693E291164", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.2:cr2:*:*:*:*:*:*", matchCriteriaId: "CB076878-0465-44C7-AE59-C9584B3CEE1F", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.2:ga:*:*:*:*:*:*", matchCriteriaId: "F682D85A-5B8C-4F83-BABD-9D28775C3776", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.2:sp1:*:*:*:*:*:*", matchCriteriaId: "43DA16B0-8E35-444D-B0BC-6774BBEC9E49", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.3:cr1:*:*:*:*:*:*", matchCriteriaId: "D249483C-D9F2-474F-9DDD-775CA573A642", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.1.0:alpha1:*:*:*:*:*:*", matchCriteriaId: "C5BD9104-7BE9-420F-8DB2-C07748941254", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.1.0:beta1:*:*:*:*:*:*", matchCriteriaId: "A6513765-FEB9-4D7E-AE29-E479707AED02", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.1.0:cr1:*:*:*:*:*:*", matchCriteriaId: "42291710-D8D1-4C77-8A62-E0B80BA3D5AB", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.1.0:ga:*:*:*:*:*:*", matchCriteriaId: "0BBFD756-FF7B-4163-9924-CC922A7EA1AF", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.1.0:sp1:*:*:*:*:*:*", matchCriteriaId: "226579DC-5DFE-4778-9871-4137B556D3A3", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.1.1:cr1:*:*:*:*:*:*", matchCriteriaId: "CB03E6D7-1A07-49EB-AB21-E136132BDF1E", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.1.1:cr2:*:*:*:*:*:*", matchCriteriaId: "68FE6392-8774-4534-8903-BE9154FE2795", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.1.1:ga:*:*:*:*:*:*", matchCriteriaId: "9F98F783-0AB2-41BE-8B07-D62438824541", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.1.2:*:*:*:*:*:*:*", matchCriteriaId: "7A206D39-DBF9-4B14-8703-9081682A1EEE", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.1.2:cr1:*:*:*:*:*:*", matchCriteriaId: "32B2FE67-27F7-4BF7-A78A-0A5FAAADFE20", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.1.2:cr2:*:*:*:*:*:*", matchCriteriaId: "1371416C-30C8-47A6-8A0C-F4E37875BE8F", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.2.0:cr1:*:*:*:*:*:*", matchCriteriaId: "CA790538-865A-4249-B6F9-F0CEC5818E57", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.2.0:ga:*:*:*:*:*:*", matchCriteriaId: "62AB605C-3102-4425-A563-817445B2F187", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.2.1:*:*:*:*:*:*:*", matchCriteriaId: "0E6F5051-BF57-44EA-942F-9E74A06D8B45", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.2.1:cr1:*:*:*:*:*:*", matchCriteriaId: "0FD6DFE0-4FC8-4311-A724-666AA48A64C5", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.2.1:cr2:*:*:*:*:*:*", matchCriteriaId: "EB833625-4D55-4BFE-A05C-5650D342C461", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_seam_2_framework:2.2.1:cr3:*:*:*:*:*:*", matchCriteriaId: "CB5F7791-FC8F-4E6C-B14D-A31D69086895", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, as distributed in Red Hat JBoss Enterprise SOA Platform 4.3.0.CP04 and 5.1.0 and JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3.0.CP09 and 5.1.0, does not properly restrict use of Expression Language (EL) statements in FacesMessages during page exception handling, which allows remote attackers to execute arbitrary Java code via a crafted URL to an application.", }, { lang: "es", value: "jboss-seam.jar en el framework JBoss Seam 2 2.2.x y versiones anteriores, tal como se distribuye con la plataforma Hat JBoss Enterprise SOA 4.3.0.CP04 y 5.1.0 y JBoss Enterprise Application Platform (JBoss EAP o JBEAP) 4.3.0.CP09 y 5.1.0, no restringen el uso de instrucciones de \"Expression Language\" (EL) en FacesMessages durante el manejo de excepciones de página, lo que permite a atacantes remotos ejecutar código Java arbitrario a través de una URL modificada a una aplicación.", }, ], id: "CVE-2011-1484", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2011-07-27T02:42:27.203", references: [ { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2011-0460.html", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2011-0461.html", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2011-0462.html", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2011-0463.html", }, { source: "secalert@redhat.com", url: "http://www.redhat.com/support/errata/RHSA-2011-1148.html", }, { source: "secalert@redhat.com", url: "http://www.redhat.com/support/errata/RHSA-2011-1251.html", }, { source: "secalert@redhat.com", url: "https://bugzilla.redhat.com/show_bug.cgi?id=692421", }, { source: "secalert@redhat.com", url: "https://docs.redhat.com/docs/en-US/JBoss_Communications_Platform/5.1/html/5.1.1_Release_Notes/ar01s05.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2011-0460.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2011-0461.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2011-0462.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2011-0463.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2011-1148.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2011-1251.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.redhat.com/show_bug.cgi?id=692421", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.redhat.com/docs/en-US/JBoss_Communications_Platform/5.1/html/5.1.1_Release_Notes/ar01s05.html", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }