Exploit the possiblities
Showing 1 - 9 of 9 RSS Feed

CVE-2011-2196

Status Candidate

Overview

jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, as distributed in Red Hat JBoss Enterprise SOA Platform 4.3.0.CP05 and 5.1.0; JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3.0, 4.3.0.CP09, and 5.1.1; and JBoss Enterprise Web Platform 5.1.1, does not properly restrict use of Expression Language (EL) statements in FacesMessages during page exception handling, which allows remote attackers to execute arbitrary Java code via a crafted URL to an application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1484.

Related Files

HP Security Bulletin HPSBMU02894
Posted Jul 25, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02894 - Potential security vulnerabilities have been identified with HP Network Node Manager I (NNMi) on HP-UX, Linux, Solaris, and Windows. These vulnerabilities could be remotely exploited resulting in a Denial of Service (DoS) or unauthorized access or execution of arbitrary code. Revision 1 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, windows, solaris, hpux
advisories | CVE-2007-5333, CVE-2009-3554, CVE-2010-0738, CVE-2010-1428, CVE-2010-1429, CVE-2011-1483, CVE-2011-2196, CVE-2011-4605, CVE-2011-4858, CVE-2012-3546
MD5 | 52209165529830d2a9b070a87e821507
Red Hat Security Advisory 2011-0952-01
Posted Jul 19, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-0952-01 - JBoss Enterprise SOA Platform is the next-generation ESB and business process automation infrastructure. JBoss Enterprise SOA Platform allows IT to leverage existing, modern, and future integration methodologies to dramatically improve business process execution speed and quality. It was found that the fix for CVE-2011-1484 was incomplete: JBoss Seam 2 did not block access to all malicious JBoss Expression Language constructs in page exception handling, allowing arbitrary Java methods to be executed. A remote attacker could use this flaw to execute arbitrary code via a specially-crafted URL provided to certain applications based on the JBoss Seam 2 framework.

tags | advisory, java, remote, arbitrary
systems | linux, redhat
advisories | CVE-2011-2196
MD5 | 8b73999f7f6e586da25a1e2fe6ceb3f1
Red Hat Security Advisory 2011-0951-01
Posted Jul 19, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-0951-01 - The JBoss Seam 2 framework is an application framework for building web applications in Java. It was found that the fix for CVE-2011-1484 was incomplete: JBoss Seam 2 did not block access to all malicious JBoss Expression Language constructs in page exception handling, allowing arbitrary Java methods to be executed. A remote attacker could use this flaw to execute arbitrary code via a specially-crafted URL provided to certain applications based on the JBoss Seam 2 framework.

tags | advisory, java, remote, web, arbitrary
systems | linux, redhat
advisories | CVE-2011-2196
MD5 | 53f7b9f13747ac8242226cd65de00bb0
Red Hat Security Advisory 2011-0950-01
Posted Jul 19, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-0950-01 - The JBoss Seam 2 framework is an application framework for building web applications in Java. It was found that the fix for CVE-2011-1484 was incomplete: JBoss Seam 2 did not block access to all malicious JBoss Expression Language constructs in page exception handling, allowing arbitrary Java methods to be executed. A remote attacker could use this flaw to execute arbitrary code via a specially-crafted URL provided to certain applications based on the JBoss Seam 2 framework.

tags | advisory, java, remote, web, arbitrary
systems | linux, redhat
advisories | CVE-2011-2196
MD5 | ba9d8427ae712a98af3f6a015aba6608
Red Hat Security Advisory 2011-0949-01
Posted Jul 19, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-0949-01 - JBoss Enterprise Application Platform is the market-leading platform for innovative and scalable Java applications. It was found that the fix for CVE-2011-1484 was incomplete: JBoss Seam 2 did not block access to all malicious JBoss Expression Language (EL) constructs in page exception handling, allowing arbitrary Java methods to be executed. A remote attacker could use this flaw to execute arbitrary code via a specially-crafted URL provided to certain applications based on the JBoss Seam 2 framework. Note: A properly configured and enabled Java Security Manager would prevent exploitation of this flaw.

tags | advisory, java, remote, arbitrary
systems | linux, redhat
advisories | CVE-2011-2196
MD5 | 58926366a37ce68409fbcbc05268cb93
Red Hat Security Advisory 2011-0948-01
Posted Jul 19, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-0948-01 - JBoss Enterprise Application Platform is the market-leading platform for innovative and scalable Java applications. It was found that the fix for CVE-2011-1484 was incomplete: JBoss Seam 2 did not block access to all malicious JBoss Expression Language (EL) constructs in page exception handling, allowing arbitrary Java methods to be executed. A remote attacker could use this flaw to execute arbitrary code via a specially-crafted URL provided to certain applications based on the JBoss Seam 2 framework. Note: A properly configured and enabled Java Security Manager would prevent exploitation of this flaw.

tags | advisory, java, remote, arbitrary
systems | linux, redhat
advisories | CVE-2011-2196
MD5 | a29c146ee62ae571477ee9fee27e41fb
Red Hat Security Advisory 2011-0947-01
Posted Jul 19, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-0947-01 - JBoss Enterprise Application Platform is the market-leading platform for innovative and scalable Java applications. It was found that the fix for CVE-2011-1484 was incomplete: JBoss Seam 2 did not block access to all malicious JBoss Expression Language (EL) constructs in page exception handling, allowing arbitrary Java methods to be executed. A remote attacker could use this flaw to execute arbitrary code via a specially-crafted URL provided to certain applications based on the JBoss Seam 2 framework. Note: A properly configured and enabled Java Security Manager would prevent exploitation of this flaw.

tags | advisory, java, remote, arbitrary
systems | linux, redhat
advisories | CVE-2011-2196
MD5 | bce85f85d9c65c02e76de11b68560ea9
Red Hat Security Advisory 2011-0946-01
Posted Jul 19, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-0946-01 - JBoss Enterprise Application Platform is the market-leading platform for innovative and scalable Java applications. It was found that the fix for CVE-2011-1484 was incomplete: JBoss Seam 2 did not block access to all malicious JBoss Expression Language (EL) constructs in page exception handling, allowing arbitrary Java methods to be executed. A remote attacker could use this flaw to execute arbitrary code via a specially-crafted URL provided to certain applications based on the JBoss Seam 2 framework. Note: A properly configured and enabled Java Security Manager would prevent exploitation of this flaw.

tags | advisory, java, remote, arbitrary
systems | linux, redhat
advisories | CVE-2011-2196
MD5 | 5e3cabb38c10329973ef2e47f66e6552
Red Hat Security Advisory 2011-0945-01
Posted Jul 19, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-0945-01 - The Enterprise Web Platform is for mid-size workloads, focusing on light and rich Java applications. Web Platform is a slimmed down profile of the JBoss Enterprise Application Platform. This JBoss Enterprise Web Platform 5.1.1 release for Red Hat Enterprise Linux 4, 5, and 6 serves as a replacement for JBoss Enterprise Web Platform 5.1.0. These updated packages include the bug fixes detailed in the release notes, which are linked to from the References section of this erratum. Various other issues were also addressed.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2011-2196
MD5 | 52d026519aaea127828903471fc90595
Page 1 of 1
Back1Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

January 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    2 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    16 Files
  • 4
    Jan 4th
    39 Files
  • 5
    Jan 5th
    26 Files
  • 6
    Jan 6th
    40 Files
  • 7
    Jan 7th
    2 Files
  • 8
    Jan 8th
    16 Files
  • 9
    Jan 9th
    25 Files
  • 10
    Jan 10th
    28 Files
  • 11
    Jan 11th
    44 Files
  • 12
    Jan 12th
    32 Files
  • 13
    Jan 13th
    2 Files
  • 14
    Jan 14th
    4 Files
  • 15
    Jan 15th
    31 Files
  • 16
    Jan 16th
    15 Files
  • 17
    Jan 17th
    16 Files
  • 18
    Jan 18th
    24 Files
  • 19
    Jan 19th
    15 Files
  • 20
    Jan 20th
    5 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close