Vulnerability Description
JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize inputs for JBoss Expression Language (EL) expressions, which allows remote attackers to execute arbitrary code via a crafted URL. NOTE: this is only a vulnerability when the Java Security Manager is not properly configured.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Jboss Enterprise Application Platform | 4.3.0 |
| Redhat | Enterprise Linux | 4 |
| Netapp | Oncommand Balance | - |
| Netapp | Oncommand Insight | - |
| Netapp | Oncommand Unified Manager | - |
Related Weaknesses (CWE)
References
- http://archives.neohapsis.com/archives/bugtraq/2013-05/0117.html (Broken Link)
- http://www.redhat.com/support/errata/RHSA-2010-0564.html (Broken Link)
- http://www.securityfocus.com/bid/41994 (Broken Link; Third Party Advisory; VDB Entry)
- http://www.securitytracker.com/id?1024253 (Broken Link; Third Party Advisory; VDB Entry)
- http://www.vupen.com/english/advisories/2010/1929 (Broken Link; Vendor Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=615956 (Issue Tracking)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/60794 (Third Party Advisory; VDB Entry)
- https://security.netapp.com/advisory/ntap-20161017-0001/ (Third Party Advisory)
FAQ
What is CVE-2010-1871?
CVE-2010-1871 is a vulnerability with a CVSS score of 8.8 (HIGH). JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize inputs for JBoss Expression Language (EL) expressions, which allows rem...
How severe is CVE-2010-1871?
CVE-2010-1871 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2010-1871?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Jboss Enterprise Application Platform, Redhat Enterprise Linux, Netapp Oncommand Balance, Netapp Oncommand Insight, Netapp Oncommand Unified Manager.