CVE-2010-1871
JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize inputs for JBoss...
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- May 10, 2010
- Published Date
- August 04, 2010
- Last Updated
- February 10, 2025
- Vendor
- n/a
- Product
- n/a
- Description
- JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize inputs for JBoss Expression Language (EL) expressions, which allows remote attackers to execute arbitrary code via a crafted URL. NOTE: this is only a vulnerability when the Java Security Manager is not properly configured.
CVSS Scores
SSVC Information
- Exploitation
- active
- Technical Impact
- total
Exploit Status
- Exploited in the Wild
- Yes (added 2021-12-10 00:00:00 UTC) Source
References
http://www.securityfocus.com/bid/41994
http://archives.neohapsis.com/archives/bugtraq/2013-05/0117.html
http://www.securitytracker.com/id?1024253
http://www.vupen.com/english/advisories/2010/1929
https://bugzilla.redhat.com/show_bug.cgi?id=615956
https://exchange.xforce.ibmcloud.com/vulnerabilities/60794
http://www.redhat.com/support/errata/RHSA-2010-0564.html
https://security.netapp.com/advisory/ntap-20161017-0001/
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| CISA | 2021-12-10 00:00:00 UTC |
Scanner Integrations
| Scanner | URL | Date Detected |
|---|---|---|
| Metasploit | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/jboss_seam_upload_exec.rb | 2025-04-29 11:01:21 UTC |
Potential Proof of Concepts
Warning: These PoCs have not been tested and could contain malware. Use at your own risk.
jboss_seam_upload_exec
Type: metasploit • Created: Unknown
Metasploit module for CVE-2010-1871