Signature Detail
Short Name |
HTTP:MISC:JBOSS-SEAM-EL-RCE |
|---|---|
Severity |
High |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
JBoss Seam Parameterized Expression Language Expressions Remote Code Execution |
Release Date |
2015/06/09 |
Update Number |
2503 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: JBoss Seam Parameterized Expression Language Expressions Remote Code Execution
This signature detects attempts to exploit a known vulnerability against JBoss Seam. A successful exploit can lead to remote code execution.
Extended Description
JBoss Seam is prone to a remote code-execution vulnerability because it fails to properly validate certain Expression Language (EL) expressions. Attackers can exploit this issue to execute arbitrary code within the context of the affected application.
Affected Products
- JBoss Group JBoss Seam 2.0.0 CR1
- JBoss Group JBoss Seam 2.0.0 CR2
- JBoss Group JBoss Seam 2.0.0 CR3
- JBoss Group JBoss Seam 2.0.0 GA
- JBoss Group JBoss Seam 2.0.2
- JBoss Group JBoss Seam 2.0.2.SP1
- Red Hat JBoss Enterprise Application Platform 4.3.0
- Red Hat JBoss Enterprise Application Platform 4.3.0 EL4
- Red Hat JBoss Enterprise Application Platform 4.3.0 EL5
References
- BugTraq: 41994
- CVE: CVE-2010-1871