Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Jboss EAP Improper Input Validation Vulnerability (CVE-2010-1871)

Description

JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize inputs for JBoss Expression Language (EL) expressions, which allows remote attackers to execute arbitrary code via a crafted URL. NOTE: this is only a vulnerability when the Java Security Manager is not properly configured.

Remediation

References

Related Vulnerabilities

PHP Integer Overflow or Wraparound Vulnerability (CVE-2015-8387)

Apache HTTP Server Improper Input Validation Vulnerability (CVE-2017-9788)

Squid Improper Input Validation Vulnerability (CVE-2016-2570)

Oracle Application Server Other Vulnerability (CVE-2000-1236)

Atlassian Confluence Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2012-6342)

Severity

Medium

Classification

CVE-2010-1871 CWE-20

Tags

Missing Update Known Vulnerabilities