JBoss Seam framework remote code execution

Description

The JBoss Seam Framework is an application framework for building web applications in Java. An input sanitization flaw was found in the way JBoss Seam processed certain parametrized JBoss Expression Language (EL) expressions. A remote attacker could use this flaw to execute arbitrary code by sending a URL with appended, specially crafted expression language parameters to certain applications based on the JBoss Seam framework.

Remediation

Apply the jboss-seam2 security update or upgrade to the latest version of the JBoss Seam framework.
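
A log review that can accompany patching, added here as an example and not part of the original advisory or the JBoss Seam project: it flags access-log requests whose query parameters decode to text containing an EL opener (`#{` or `${`), including double-encoded values. The log format, paths, parameter names and sample entries are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote_plus

# EL expressions open with "#{" (deferred) or "${" (immediate evaluation).
EL_OPEN = re.compile(r"[#$]\{")
# Request line as it appears in a common/combined-format access log entry.
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')
MAX_DECODE_ROUNDS = 3  # unwrap nested URL-encoding without looping forever

def fully_decode(value):
    """Percent-decode repeatedly until the value stops changing."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def el_parameters(url):
    """Return names of query parameters whose name or value contains an EL opener."""
    # Split on "?" by hand: a raw "#" must not be discarded as a URL fragment.
    query = url.partition("?")[2]
    hits = []
    for name, value in parse_qsl(query, keep_blank_values=True):
        if EL_OPEN.search(fully_decode(value)) or EL_OPEN.search(fully_decode(name)):
            hits.append(fully_decode(name))
    return hits

def scan_access_log(lines):
    """Return (line_number, url, parameter_names) for requests carrying EL syntax."""
    findings = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST.search(line)
        if match:
            params = el_parameters(match.group(1))
            if params:
                findings.append((number, match.group(1), params))
    return findings

# Constructed sample entries (not real traffic); the expressions are plain arithmetic.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /app/home.seam?cid=12 HTTP/1.1" 200 512',
    '198.51.100.9 - - [01/Jan/2024:10:00:05 +0000] "GET /app/home.seam?next=%23%7B1%2B1%7D HTTP/1.1" 200 512',
    '198.51.100.9 - - [01/Jan/2024:10:00:09 +0000] "GET /app/home.seam?cid=3&next=%2523%257B1%252B1%257D HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for number, url, params in scan_access_log(SAMPLE_LOG):
        print(f"line {number}: EL syntax in parameter(s) {params}: {url}")
```

A hit is a lead for review, not proof of compromise: applications that legitimately pass `${...}` templates in URLs will also match.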

References