CVE-2010-1871

Confirmed PUBLISHED

JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize inputs for JBoss...

Red Hat · JBoss Enterprise Application Platform
Exploited in the wild PoC available

Recommended Action

Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.

Confidence
Confirmed
Exploitation Status
Exploited in the wild
Observed in Sensors
No
Attempts (30d)
Unique Attacker IPs
CISA KEV
In CISA KEV
CVSS / EPSS
8.8 High

At a Glance

JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize inputs for JBoss Expression Language (EL) expressions, which allows remote attackers to execute arbitrary code via a crafted URL. NOTE: this is only a vulnerability when the Java Security Manager is not properly configured.

java linux metasploit cisa
CVE Published
Aug 04, 2010
Exploitation Reported
Dec 10, 2021
CVSS
8.8 High
EPSS
Remote Low complexity Unauthenticated

Affected Versions

Vendor Product Version Status
n/a
n/a

n/a

Affected

CVE References

  • RHSA-2010:0564 redhat.com · Vendor Advisory http://www.redhat.com/support/errata/RHSA-2010-0564.html
  • 41994 securityfocus.com · VDB Entry http://www.securityfocus.com/bid/41994
  • 1024253 securitytracker.com · VDB Entry http://www.securitytracker.com/id?1024253
  • ADV-2010-1929 vupen.com · VDB Entry http://www.vupen.com/english/advisories/2010/1929
  • seam-expressions-code-execution(60794) exchange.xforce.ibmcloud.com · VDB Entry https://exchange.xforce.ibmcloud.com/vulnerabilities/60794
Show 3 more references

Recommended Actions

  • Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
  • Check enrichment artifacts for scanner coverage and available PoCs before rolling remediation validation.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.