Vulnerability detail
Enriched intelligence for a single CVE
High
CVE-2010-1871
PUBLISHED
JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize inputs for JBoss...
- Vendor: Red Hat
- Product: JBoss Enterprise Application Platform
- Published: Aug 04, 2010
- EPSS: —
Description
JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize inputs for JBoss Expression Language (EL) expressions, which allows remote attackers to execute arbitrary code via a crafted URL. NOTE: this is only a vulnerability when the Java Security Manager is not properly configured.
CVSS scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AV:N/AC:M/Au:N/C:P/I:P/A:P
Exploitation status
Exploited in the wild
Recorded 2021-12-10 00:00:00 UTC
SSVC decision points
- Exploitation: active
- Automatable: No
- Technical impact: total
References
- http://www.securityfocus.com/bid/41994
- http://archives.neohapsis.com/archives/bugtraq/2013-05/0117.html
- http://www.securitytracker.com/id?1024253
- http://www.vupen.com/english/advisories/2010/1929
- https://bugzilla.redhat.com/show_bug.cgi?id=615956
- https://exchange.xforce.ibmcloud.com/vulnerabilities/60794
- http://www.redhat.com/support/errata/RHSA-2010-0564.html
- https://security.netapp.com/advisory/ntap-20161017-0001/
Known exploited vulnerability sources
Catalogues that list this CVE as a known exploited vulnerability.
| Source | Added |
|---|---|
| CISA | Dec 10, 2021 |
Scanner integrations
| Scanner | Reference | Detected |
|---|---|---|
| Metasploit | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/jboss_seam_upload_exec.rb | Apr 28, 2025 |
Timeline
- CVE ID Reserved
- CVE Published to Public
- Added to KEVIntel
- Detected by Metasploit