the original cloud security
Showing 1 - 9 of 9 RSS Feed

CVE-2011-2196

Status Candidate

Overview

jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, as distributed in Red Hat JBoss Enterprise SOA Platform 4.3.0.CP05 and 5.1.0; JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3.0, 4.3.0.CP09, and 5.1.1; and JBoss Enterprise Web Platform 5.1.1, does not properly restrict use of Expression Language (EL) statements in FacesMessages during page exception handling, which allows remote attackers to execute arbitrary Java code via a crafted URL to an application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1484.

Related Files

HP Security Bulletin HPSBMU02894
Posted Jul 25, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02894 - Potential security vulnerabilities have been identified with HP Network Node Manager I (NNMi) on HP-UX, Linux, Solaris, and Windows. These vulnerabilities could be remotely exploited resulting in a Denial of Service (DoS) or unauthorized access or execution of arbitrary code. Revision 1 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, windows, solaris, hpux
advisories | CVE-2007-5333, CVE-2009-3554, CVE-2010-0738, CVE-2010-1428, CVE-2010-1429, CVE-2011-1483, CVE-2011-2196, CVE-2011-4605, CVE-2011-4858, CVE-2012-3546
MD5 | 52209165529830d2a9b070a87e821507
Red Hat Security Advisory 2011-0952-01
Posted Jul 19, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-0952-01 - JBoss Enterprise SOA Platform is the next-generation ESB and business process automation infrastructure. JBoss Enterprise SOA Platform allows IT to leverage existing, modern, and future integration methodologies to dramatically improve business process execution speed and quality. It was found that the fix for CVE-2011-1484 was incomplete: JBoss Seam 2 did not block access to all malicious JBoss Expression Language constructs in page exception handling, allowing arbitrary Java methods to be executed. A remote attacker could use this flaw to execute arbitrary code via a specially-crafted URL provided to certain applications based on the JBoss Seam 2 framework.

tags | advisory, java, remote, arbitrary
systems | linux, redhat
advisories | CVE-2011-2196
MD5 | 8b73999f7f6e586da25a1e2fe6ceb3f1
Red Hat Security Advisory 2011-0951-01
Posted Jul 19, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-0951-01 - The JBoss Seam 2 framework is an application framework for building web applications in Java. It was found that the fix for CVE-2011-1484 was incomplete: JBoss Seam 2 did not block access to all malicious JBoss Expression Language constructs in page exception handling, allowing arbitrary Java methods to be executed. A remote attacker could use this flaw to execute arbitrary code via a specially-crafted URL provided to certain applications based on the JBoss Seam 2 framework.

tags | advisory, java, remote, web, arbitrary
systems | linux, redhat
advisories | CVE-2011-2196
MD5 | 53f7b9f13747ac8242226cd65de00bb0
Red Hat Security Advisory 2011-0950-01
Posted Jul 19, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-0950-01 - The JBoss Seam 2 framework is an application framework for building web applications in Java. It was found that the fix for CVE-2011-1484 was incomplete: JBoss Seam 2 did not block access to all malicious JBoss Expression Language constructs in page exception handling, allowing arbitrary Java methods to be executed. A remote attacker could use this flaw to execute arbitrary code via a specially-crafted URL provided to certain applications based on the JBoss Seam 2 framework.

tags | advisory, java, remote, web, arbitrary
systems | linux, redhat
advisories | CVE-2011-2196
MD5 | ba9d8427ae712a98af3f6a015aba6608
Red Hat Security Advisory 2011-0949-01
Posted Jul 19, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-0949-01 - JBoss Enterprise Application Platform is the market-leading platform for innovative and scalable Java applications. It was found that the fix for CVE-2011-1484 was incomplete: JBoss Seam 2 did not block access to all malicious JBoss Expression Language (EL) constructs in page exception handling, allowing arbitrary Java methods to be executed. A remote attacker could use this flaw to execute arbitrary code via a specially-crafted URL provided to certain applications based on the JBoss Seam 2 framework. Note: A properly configured and enabled Java Security Manager would prevent exploitation of this flaw.

tags | advisory, java, remote, arbitrary
systems | linux, redhat
advisories | CVE-2011-2196
MD5 | 58926366a37ce68409fbcbc05268cb93
Red Hat Security Advisory 2011-0948-01
Posted Jul 19, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-0948-01 - JBoss Enterprise Application Platform is the market-leading platform for innovative and scalable Java applications. It was found that the fix for CVE-2011-1484 was incomplete: JBoss Seam 2 did not block access to all malicious JBoss Expression Language (EL) constructs in page exception handling, allowing arbitrary Java methods to be executed. A remote attacker could use this flaw to execute arbitrary code via a specially-crafted URL provided to certain applications based on the JBoss Seam 2 framework. Note: A properly configured and enabled Java Security Manager would prevent exploitation of this flaw.

tags | advisory, java, remote, arbitrary
systems | linux, redhat
advisories | CVE-2011-2196
MD5 | a29c146ee62ae571477ee9fee27e41fb
Red Hat Security Advisory 2011-0947-01
Posted Jul 19, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-0947-01 - JBoss Enterprise Application Platform is the market-leading platform for innovative and scalable Java applications. It was found that the fix for CVE-2011-1484 was incomplete: JBoss Seam 2 did not block access to all malicious JBoss Expression Language (EL) constructs in page exception handling, allowing arbitrary Java methods to be executed. A remote attacker could use this flaw to execute arbitrary code via a specially-crafted URL provided to certain applications based on the JBoss Seam 2 framework. Note: A properly configured and enabled Java Security Manager would prevent exploitation of this flaw.

tags | advisory, java, remote, arbitrary
systems | linux, redhat
advisories | CVE-2011-2196
MD5 | bce85f85d9c65c02e76de11b68560ea9
Red Hat Security Advisory 2011-0946-01
Posted Jul 19, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-0946-01 - JBoss Enterprise Application Platform is the market-leading platform for innovative and scalable Java applications. It was found that the fix for CVE-2011-1484 was incomplete: JBoss Seam 2 did not block access to all malicious JBoss Expression Language (EL) constructs in page exception handling, allowing arbitrary Java methods to be executed. A remote attacker could use this flaw to execute arbitrary code via a specially-crafted URL provided to certain applications based on the JBoss Seam 2 framework. Note: A properly configured and enabled Java Security Manager would prevent exploitation of this flaw.

tags | advisory, java, remote, arbitrary
systems | linux, redhat
advisories | CVE-2011-2196
MD5 | 5e3cabb38c10329973ef2e47f66e6552
Red Hat Security Advisory 2011-0945-01
Posted Jul 19, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-0945-01 - The Enterprise Web Platform is for mid-size workloads, focusing on light and rich Java applications. Web Platform is a slimmed down profile of the JBoss Enterprise Application Platform. This JBoss Enterprise Web Platform 5.1.1 release for Red Hat Enterprise Linux 4, 5, and 6 serves as a replacement for JBoss Enterprise Web Platform 5.1.0. These updated packages include the bug fixes detailed in the release notes, which are linked to from the References section of this erratum. Various other issues were also addressed.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2011-2196
MD5 | 52d026519aaea127828903471fc90595
Page 1 of 1
Back1Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close