CVE-2011-2196
Summary
| CVE | CVE-2011-2196 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2011-07-27 02:55:00 UTC |
| Updated | 2023-11-07 02:07:00 UTC |
| Description | jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, as distributed in Red Hat JBoss Enterprise SOA Platform 4.3.0.CP05 and 5.1.0; JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3.0, 4.3.0.CP09, and 5.1.1; and JBoss Enterprise Web Platform 5.1.1, does not properly restrict use of Expression Language (EL) statements in FacesMessages during page exception handling, which allows remote attackers to execute arbitrary Java code via a crafted URL to an application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1484. |
Risk And Classification
Problem Types: CWE-264
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Redhat | Jboss Enterprise Application Platform | 4.3.0 | All | All | All |
| Application | Redhat | Jboss Enterprise Application Platform | 4.3.0 | cp09 | All | All |
| Application | Redhat | Jboss Enterprise Application Platform | 5.1.1 | All | All | All |
| Application | Redhat | Jboss Enterprise Soa Platform | 4.3.0 | cp05 | All | All |
| Application | Redhat | Jboss Enterprise Soa Platform | 5.1.0 | All | All | All |
| Application | Redhat | Jboss Enterprise Web Platform | 5.1.1 | All | All | All |
| Application | Redhat | Jboss Seam 2 Framework | 2.0.0 | beta1 | All | All |
| Application | Redhat | Jboss Seam 2 Framework | 2.0.0 | cr1 | All | All |
| Application | Redhat | Jboss Seam 2 Framework | 2.0.0 | cr2 | All | All |
| Application | Redhat | Jboss Seam 2 Framework | 2.0.0 | cr3 | All | All |
| Application | Redhat | Jboss Seam 2 Framework | 2.0.0 | ga | All | All |
| Application | Redhat | Jboss Seam 2 Framework | 2.0.1 | cr1 | All | All |
| Application | Redhat | Jboss Seam 2 Framework | 2.0.1 | cr2 | All | All |
| Application | Redhat | Jboss Seam 2 Framework | 2.0.1 | ga | All | All |
| Application | Redhat | Jboss Seam 2 Framework | 2.0.2 | cr1 | All | All |
| Application | Redhat | Jboss Seam 2 Framework | 2.0.2 | cr2 | All | All |
| Application | Redhat | Jboss Seam 2 Framework | 2.0.2 | ga | All | All |
| Application | Redhat | Jboss Seam 2 Framework | 2.0.2 | sp1 | All | All |
| Application | Redhat | Jboss Seam 2 Framework | 2.0.3 | cr1 | All | All |
| Application | Redhat | Jboss Seam 2 Framework | 2.1.0 | alpha1 | All | All |
| Application | Redhat | Jboss Seam 2 Framework | 2.1.0 | beta1 | All | All |
| Application | Redhat | Jboss Seam 2 Framework | 2.1.0 | cr1 | All | All |
| Application | Redhat | Jboss Seam 2 Framework | 2.1.0 | ga | All | All |
| Application | Redhat | Jboss Seam 2 Framework | 2.1.0 | sp1 | All | All |
| Application | Redhat | Jboss Seam 2 Framework | 2.1.1 | cr1 | All | All |
| Application | Redhat | Jboss Seam 2 Framework | 2.1.1 | cr2 | All | All |
| Application | Redhat | Jboss Seam 2 Framework | 2.1.1 | ga | All | All |
| Application | Redhat | Jboss Seam 2 Framework | 2.1.2 | All | All | All |
| Application | Redhat | Jboss Seam 2 Framework | 2.1.2 | cr1 | All | All |
| Application | Redhat | Jboss Seam 2 Framework | 2.1.2 | cr2 | All | All |
| Application | Redhat | Jboss Seam 2 Framework | 2.2.0 | cr1 | All | All |
| Application | Redhat | Jboss Seam 2 Framework | 2.2.0 | ga | All | All |
| Application | Redhat | Jboss Seam 2 Framework | 2.2.1 | All | All | All |
| Application | Redhat | Jboss Seam 2 Framework | 2.2.1 | cr1 | All | All |
| Application | Redhat | Jboss Seam 2 Framework | 2.2.1 | cr2 | All | All |
| Application | Redhat | Jboss Seam 2 Framework | 2.2.1 | cr3 | All | All |
| Application | Redhat | Jboss Seam 2 Framework | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 712283 – (CVE-2011-2196) CVE-2011-2196 JBoss Seam EL interpolation in exception handling | CONFIRM | bugzilla.redhat.com | |
| Support | REDHAT | www.redhat.com | |
| Support | REDHAT | www.redhat.com | |
| JBoss Seam Expression Language (EL) CVE-2011-2196 Remote Code Execution Vulnerability | BID | www.securityfocus.com | |
| Support | REDHAT | www.redhat.com | |
| Support | REDHAT | www.redhat.com | |
| Support | REDHAT | www.redhat.com | |
| Support | REDHAT | www.redhat.com | |
| Support | REDHAT | www.redhat.com | Vendor Advisory |
| Support | REDHAT | www.redhat.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.