cve-2011-1484
Vulnerability from cvelistv5
Published
2011-07-27 01:00
Modified
2024-08-06 22:28
Severity ?
Summary
jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, as distributed in Red Hat JBoss Enterprise SOA Platform 4.3.0.CP04 and 5.1.0 and JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3.0.CP09 and 5.1.0, does not properly restrict use of Expression Language (EL) statements in FacesMessages during page exception handling, which allows remote attackers to execute arbitrary Java code via a crafted URL to an application.
References
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2011-0460.htmlVendor Advisory
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2011-0461.htmlVendor Advisory
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2011-0462.htmlVendor Advisory
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2011-0463.htmlVendor Advisory
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2011-1148.html
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2011-1251.html
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=692421
secalert@redhat.comhttps://docs.redhat.com/docs/en-US/JBoss_Communications_Platform/5.1/html/5.1.1_Release_Notes/ar01s05.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2011-0460.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2011-0461.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2011-0462.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2011-0463.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2011-1148.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2011-1251.html
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=692421
af854a3a-2127-422b-91ae-364da2661108https://docs.redhat.com/docs/en-US/JBoss_Communications_Platform/5.1/html/5.1.1_Release_Notes/ar01s05.html
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:28:41.792Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2011:1251",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-1251.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=692421"
          },
          {
            "name": "RHSA-2011:0462",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-0462.html"
          },
          {
            "name": "RHSA-2011:0463",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-0463.html"
          },
          {
            "name": "RHSA-2011:0461",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-0461.html"
          },
          {
            "name": "RHSA-2011:0460",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-0460.html"
          },
          {
            "name": "RHSA-2011:1148",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-1148.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://docs.redhat.com/docs/en-US/JBoss_Communications_Platform/5.1/html/5.1.1_Release_Notes/ar01s05.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-04-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, as distributed in Red Hat JBoss Enterprise SOA Platform 4.3.0.CP04 and 5.1.0 and JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3.0.CP09 and 5.1.0, does not properly restrict use of Expression Language (EL) statements in FacesMessages during page exception handling, which allows remote attackers to execute arbitrary Java code via a crafted URL to an application."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2011-08-23T09:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2011:1251",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-1251.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=692421"
        },
        {
          "name": "RHSA-2011:0462",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-0462.html"
        },
        {
          "name": "RHSA-2011:0463",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-0463.html"
        },
        {
          "name": "RHSA-2011:0461",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-0461.html"
        },
        {
          "name": "RHSA-2011:0460",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-0460.html"
        },
        {
          "name": "RHSA-2011:1148",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-1148.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://docs.redhat.com/docs/en-US/JBoss_Communications_Platform/5.1/html/5.1.1_Release_Notes/ar01s05.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-1484",
    "datePublished": "2011-07-27T01:00:00",
    "dateReserved": "2011-03-21T00:00:00",
    "dateUpdated": "2024-08-06T22:28:41.792Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2011-1484\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2011-07-27T02:42:27.203\",\"lastModified\":\"2024-11-21T01:26:25.197\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, as distributed in Red Hat JBoss Enterprise SOA Platform 4.3.0.CP04 and 5.1.0 and JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3.0.CP09 and 5.1.0, does not properly restrict use of Expression Language (EL) statements in FacesMessages during page exception handling, which allows remote attackers to execute arbitrary Java code via a crafted URL to an application.\"},{\"lang\":\"es\",\"value\":\"jboss-seam.jar en el framework JBoss Seam 2 2.2.x y versiones anteriores, tal como se distribuye con la plataforma Hat JBoss Enterprise SOA 4.3.0.CP04 y 5.1.0 y JBoss Enterprise Application Platform (JBoss EAP o JBEAP) 4.3.0.CP09 y 5.1.0, no restringen el uso de instrucciones de \\\"Expression Language\\\" (EL) en FacesMessages durante el manejo de excepciones de p\u00e1gina, lo que permite a atacantes remotos ejecutar c\u00f3digo Java arbitrario a trav\u00e9s de una URL modificada a una aplicaci\u00f3n.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp09:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA7424BA-1E18-4267-9697-F4560BE75359\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"972C5C87-E982-44A5-866D-FDEACB5203B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.3.0:cp04:*:*:*:*:*:*\",\"matchCriteriaId\":\"23F0650B-C39D-4C7D-8BB9-BBA951BA8AAE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_soa_platform:5.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2B72D56E-DE3C-4383-906D-F3DCD9D09CC9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_seam_2_framework:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.2.2\",\"matchCriteriaId\":\"BB8AAFEA-2C73-460E-AAF3-C076041C7335\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.0:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"4664C66E-3F4B-471E-AAC9-276834A55499\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.0:cr1:*:*:*:*:*:*\",\"matchCriteriaId\":\"43CACD28-B9A3-46D5-BA99-AA578F51D693\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.0:cr2:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A4951C4-8941-4A7F-B742-B50A812CC4B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.0:cr3:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A83D0E2-C724-47D1-9A98-7ACADA8810DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.0:ga:*:*:*:*:*:*\",\"matchCriteriaId\":\"56B7E191-8A62-4BDE-90A4-192BA5696A39\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.1:cr1:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A027797-81BC-4826-BBCC-C5EAEAB3E503\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.1:cr2:*:*:*:*:*:*\",\"matchCriteriaId\":\"67F9B8C2-D2BE-4B4A-829C-528EC716C3FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.1:ga:*:*:*:*:*:*\",\"matchCriteriaId\":\"D38126DF-747B-4892-9B63-E7E35F98C760\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.2:cr1:*:*:*:*:*:*\",\"matchCriteriaId\":\"ECD78557-9403-496D-8512-FA693E291164\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.2:cr2:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB076878-0465-44C7-AE59-C9584B3CEE1F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.2:ga:*:*:*:*:*:*\",\"matchCriteriaId\":\"F682D85A-5B8C-4F83-BABD-9D28775C3776\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.2:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"43DA16B0-8E35-444D-B0BC-6774BBEC9E49\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.3:cr1:*:*:*:*:*:*\",\"matchCriteriaId\":\"D249483C-D9F2-474F-9DDD-775CA573A642\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_seam_2_framework:2.1.0:alpha1:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5BD9104-7BE9-420F-8DB2-C07748941254\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_seam_2_framework:2.1.0:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6513765-FEB9-4D7E-AE29-E479707AED02\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_seam_2_framework:2.1.0:cr1:*:*:*:*:*:*\",\"matchCriteriaId\":\"42291710-D8D1-4C77-8A62-E0B80BA3D5AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_seam_2_framework:2.1.0:ga:*:*:*:*:*:*\",\"matchCriteriaId\":\"0BBFD756-FF7B-4163-9924-CC922A7EA1AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_seam_2_framework:2.1.0:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"226579DC-5DFE-4778-9871-4137B556D3A3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_seam_2_framework:2.1.1:cr1:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB03E6D7-1A07-49EB-AB21-E136132BDF1E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_seam_2_framework:2.1.1:cr2:*:*:*:*:*:*\",\"matchCriteriaId\":\"68FE6392-8774-4534-8903-BE9154FE2795\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_seam_2_framework:2.1.1:ga:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F98F783-0AB2-41BE-8B07-D62438824541\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_seam_2_framework:2.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7A206D39-DBF9-4B14-8703-9081682A1EEE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_seam_2_framework:2.1.2:cr1:*:*:*:*:*:*\",\"matchCriteriaId\":\"32B2FE67-27F7-4BF7-A78A-0A5FAAADFE20\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_seam_2_framework:2.1.2:cr2:*:*:*:*:*:*\",\"matchCriteriaId\":\"1371416C-30C8-47A6-8A0C-F4E37875BE8F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_seam_2_framework:2.2.0:cr1:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA790538-865A-4249-B6F9-F0CEC5818E57\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_seam_2_framework:2.2.0:ga:*:*:*:*:*:*\",\"matchCriteriaId\":\"62AB605C-3102-4425-A563-817445B2F187\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_seam_2_framework:2.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0E6F5051-BF57-44EA-942F-9E74A06D8B45\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_seam_2_framework:2.2.1:cr1:*:*:*:*:*:*\",\"matchCriteriaId\":\"0FD6DFE0-4FC8-4311-A724-666AA48A64C5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_seam_2_framework:2.2.1:cr2:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB833625-4D55-4BFE-A05C-5650D342C461\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_seam_2_framework:2.2.1:cr3:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB5F7791-FC8F-4E6C-B14D-A31D69086895\"}]}]}],\"references\":[{\"url\":\"http://www.redhat.com/support/errata/RHSA-2011-0460.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2011-0461.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2011-0462.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2011-0463.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2011-1148.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2011-1251.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=692421\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://docs.redhat.com/docs/en-US/JBoss_Communications_Platform/5.1/html/5.1.1_Release_Notes/ar01s05.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2011-0460.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2011-0461.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2011-0462.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2011-0463.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2011-1148.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2011-1251.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=692421\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://docs.redhat.com/docs/en-US/JBoss_Communications_Platform/5.1/html/5.1.1_Release_Notes/ar01s05.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.