JBoss Seam framework remote code execution

Description
  • The JBoss Seam Framework is an application framework for building web applications in Java. An input sanitization flaw was found in the way JBoss Seam processed certain parametrized JBoss Expression Language (EL) expressions. A remote attacker could use this flaw to execute arbitrary code by sending a URL with appended, specially crafted expression language parameters to certain applications based on the JBoss Seam framework.
Remediation
  • Apply the jboss-seam2 security update or upgrade to the latest version of the JBoss Seam framework.
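
The flaw described above is reached through EL expressions passed as URL parameters, so access logs are one place to look for attempts. The following Python sketch is an added example, not part of the original advisory or of JBoss Seam. It flags request lines whose query parameters contain an EL opening delimiter after repeated URL-decoding. The log lines, the parameter name `foo`, the paths and the delimiter heuristic are all constructed assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote

# Heuristic (assumption): an EL expression starts with "#{" or "${".
EL_DELIM = re.compile(r"[#$]\{")
# Request line inside a common/combined-format access log entry.
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')
MAX_ROUNDS = 3  # extra decode passes to unwrap nested URL-encoding

def fully_decode(value):
    """URL-decode until the value stops changing or the limit is hit."""
    for _ in range(MAX_ROUNDS):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def el_parameters(target):
    """Return (name, value) pairs whose decoded form carries an EL delimiter."""
    # Split on '?' by hand: urlsplit() would treat a raw '#' as a fragment
    # and silently drop the part of the query we care about.
    query = target.partition("?")[2]
    hits = []
    for name, value in parse_qsl(query, keep_blank_values=True):
        name, value = fully_decode(name), fully_decode(value)
        if EL_DELIM.search(name) or EL_DELIM.search(value):
            hits.append((name, value))
    return hits

def scan(lines):
    """Return (line_number, name, value) for every suspicious parameter."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if match:
            findings += [(lineno, n, v) for n, v in el_parameters(match.group(1))]
    return findings

# Constructed sample entries (documentation IP range, harmless expression).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /app/home.seam?page=2 HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:01 +0000] "GET /app/home.seam?foo=%23%7Bconstructed.value%7D HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:02 +0000] "GET /app/home.seam?foo=%2523%257Bconstructed.value%257D HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:03 +0000] "GET /app/home.seam?foo=#{constructed.value} HTTP/1.1" 200 512',
    '192.0.2.12 - - [01/Jan/2024:10:00:04 +0000] "GET /app/shop.seam?price=%245 HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A hit means only that a parameter looked like an EL expression. Applications that legitimately pass `${...}` templates in URLs will need an allow-list.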