CVE-2010-1871

JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize inputs for JBoss Expression Language (EL) expressions, which allows remote attackers to execute arbitrary code via a crafted URL.  NOTE: this is only a vulnerability when the Java Security Manager is not properly configured.
Expression Language Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
CISA-ADPADP
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 99%
VendorProductVersion
redhatjboss_enterprise_application_platform
4.3.0
netapponcommand_balance
-
netapponcommand_insight
-
netapponcommand_unified_manager
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://archives.neohapsis.com/archives/bugtraq/2013-05/0117.html
http://www.redhat.com/support/errata/RHSA-2010-0564.html
http://www.securityfocus.com/bid/41994
http://www.securitytracker.com/id?1024253
http://www.vupen.com/english/advisories/2010/1929
https://bugzilla.redhat.com/show_bug.cgi?id=615956
https://exchange.xforce.ibmcloud.com/vulnerabilities/60794
https://security.netapp.com/advisory/ntap-20161017-0001/
http://archives.neohapsis.com/archives/bugtraq/2013-05/0117.html
http://www.redhat.com/support/errata/RHSA-2010-0564.html
http://www.securityfocus.com/bid/41994
http://www.securitytracker.com/id?1024253
http://www.vupen.com/english/advisories/2010/1929
https://bugzilla.redhat.com/show_bug.cgi?id=615956
https://exchange.xforce.ibmcloud.com/vulnerabilities/60794
https://security.netapp.com/advisory/ntap-20161017-0001/