Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2010-1871

Опубликовано: 05 авг. 2010
Источник: nvd
CVSS3: 8.8
CVSS2: 6.8
EPSS Критический

Описание

JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize inputs for JBoss Expression Language (EL) expressions, which allows remote attackers to execute arbitrary code via a crafted URL. NOTE: this is only a vulnerability when the Java Security Manager is not properly configured.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:*:*:*:*:*:*:*

Одно из

cpe:2.3:o:redhat:enterprise_linux:4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:clustered_data_ontap:*:*

EPSS

Процентиль: 100%
0.93788
Критический

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-917
CWE-917

Связанные уязвимости

redhat логотип

CVE-2010-1871

redhat
больше 15 лет назад

JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize inputs for JBoss Expression Language (EL) expressions, which allows remote attackers to execute arbitrary code via a crafted URL. NOTE: this is only a vulnerability when the Java Security Manager is not properly configured.

debian логотип

CVE-2010-1871

CVSS3: 8.8
debian
больше 15 лет назад

JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Pl ...

github логотип

GHSA-r6fv-qmrc-3h24

CVSS3: 8.8
github
больше 3 лет назад

JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize inputs for JBoss Expression Language (EL) expressions, which allows remote attackers to execute arbitrary code via a crafted URL. NOTE: this is only a vulnerability when the Java Security Manager is not properly configured.

fstec логотип

BDU:2022-04006

CVSS3: 5.6
fstec
больше 15 лет назад

Уязвимость каркаса для разработки web приложений JBoss Seam платформы JBoss Enterprise Application Platform, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 100%
0.93788
Критический

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-917
CWE-917