Description

The JBoss Seam Framework is an application framework for building web applications in Java. An input sanitization flaw was found in the way JBoss Seam processed certain parametrized JBoss Expression Language (EL) expressions. A remote attacker could use this flaw to execute arbitrary code via a URL, containing appended, specially-crafted expression language parameters, provided to certain applications based on the JBoss Seam framework.

Remediation

Apply the jboss-seam2 security update or upgrade to the latest version of JBoss Seam framework.

References

JBoss Seam framework remote code execution

jboss-seam2 security update

Related Vulnerabilities

Drupal Core 6.x Remote Code Execution (6.0 - 6.38)

ZenCart Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2017-11675)

Bonita Authorization Bypass (CVE-2022-25237)

WordPress Plugin Five Star Restaurant Menu-WordPress Ordering Remote Code Execution (2.2.0)

ColdFusion 8 FCKEditor file upload vulnerability

Severity

High

Classification

CVE-2010-1871 CWE-94 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

Code Execution