CVE-2011-1484
Summary
| CVE | CVE-2011-1484 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2011-07-27 02:42:00 UTC |
| Updated | 2011-10-26 02:58:00 UTC |
| Description | jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, as distributed in Red Hat JBoss Enterprise SOA Platform 4.3.0.CP04 and 5.1.0 and JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3.0.CP09 and 5.1.0, does not properly restrict use of Expression Language (EL) statements in FacesMessages during page exception handling, which allows remote attackers to execute arbitrary Java code via a crafted URL to an application. |
Risk And Classification
Problem Types: CWE-264
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Redhat | Jboss Enterprise Application Platform | 4.3.0 | cp09 | All | All |
| Application | Redhat | Jboss Enterprise Application Platform | 5.1.0 | All | All | All |
| Application | Redhat | Jboss Enterprise Soa Platform | 4.3.0 | cp04 | All | All |
| Application | Redhat | Jboss Enterprise Soa Platform | 5.1.0 | All | All | All |
| Application | Redhat | Jboss Seam 2 Framework | 2.0.0 | beta1 | All | All |
| Application | Redhat | Jboss Seam 2 Framework | 2.0.0 | cr1 | All | All |
| Application | Redhat | Jboss Seam 2 Framework | 2.0.0 | cr2 | All | All |
| Application | Redhat | Jboss Seam 2 Framework | 2.0.0 | cr3 | All | All |
| Application | Redhat | Jboss Seam 2 Framework | 2.0.0 | ga | All | All |
| Application | Redhat | Jboss Seam 2 Framework | 2.0.1 | cr1 | All | All |
| Application | Redhat | Jboss Seam 2 Framework | 2.0.1 | cr2 | All | All |
| Application | Redhat | Jboss Seam 2 Framework | 2.0.1 | ga | All | All |
| Application | Redhat | Jboss Seam 2 Framework | 2.0.2 | cr1 | All | All |
| Application | Redhat | Jboss Seam 2 Framework | 2.0.2 | cr2 | All | All |
| Application | Redhat | Jboss Seam 2 Framework | 2.0.2 | ga | All | All |
| Application | Redhat | Jboss Seam 2 Framework | 2.0.2 | sp1 | All | All |
| Application | Redhat | Jboss Seam 2 Framework | 2.0.3 | cr1 | All | All |
| Application | Redhat | Jboss Seam 2 Framework | 2.1.0 | alpha1 | All | All |
| Application | Redhat | Jboss Seam 2 Framework | 2.1.0 | beta1 | All | All |
| Application | Redhat | Jboss Seam 2 Framework | 2.1.0 | cr1 | All | All |
| Application | Redhat | Jboss Seam 2 Framework | 2.1.0 | ga | All | All |
| Application | Redhat | Jboss Seam 2 Framework | 2.1.0 | sp1 | All | All |
| Application | Redhat | Jboss Seam 2 Framework | 2.1.1 | cr1 | All | All |
| Application | Redhat | Jboss Seam 2 Framework | 2.1.1 | cr2 | All | All |
| Application | Redhat | Jboss Seam 2 Framework | 2.1.1 | ga | All | All |
| Application | Redhat | Jboss Seam 2 Framework | 2.1.2 | All | All | All |
| Application | Redhat | Jboss Seam 2 Framework | 2.1.2 | cr1 | All | All |
| Application | Redhat | Jboss Seam 2 Framework | 2.1.2 | cr2 | All | All |
| Application | Redhat | Jboss Seam 2 Framework | 2.2.0 | cr1 | All | All |
| Application | Redhat | Jboss Seam 2 Framework | 2.2.0 | ga | All | All |
| Application | Redhat | Jboss Seam 2 Framework | 2.2.1 | All | All | All |
| Application | Redhat | Jboss Seam 2 Framework | 2.2.1 | cr1 | All | All |
| Application | Redhat | Jboss Seam 2 Framework | 2.2.1 | cr2 | All | All |
| Application | Redhat | Jboss Seam 2 Framework | 2.2.1 | cr3 | All | All |
| Application | Redhat | Jboss Seam 2 Framework | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Support | REDHAT | www.redhat.com | Vendor Advisory |
| Support | REDHAT | www.redhat.com | |
| Support | REDHAT | www.redhat.com | Vendor Advisory |
| 5. Issues | CONFIRM | docs.redhat.com | |
| Support | REDHAT | www.redhat.com | Vendor Advisory |
| Bug 692421 – CVE-2011-1484 JBoss Seam privilege escalation caused by EL interpolation in FacesMessages | CONFIRM | bugzilla.redhat.com | |
| Support | REDHAT | www.redhat.com | |
| Support | REDHAT | www.redhat.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.