Bug 712283 (CVE-2011-2196)

Summary: CVE-2011-2196 JBoss Seam EL interpolation in exception handling
Product: [Other] Security Response Reporter: David Jorm <djorm>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact: Ondrej Skutka <oskutka>
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: jawilson, jcoleman, jsedlace, ldimaggi, maschmid, mjc, mnovotny, mschoene, mvecera, oskutka, psiroky, pslegr, security-response-team
Target Milestone: ---Keywords: Reopened, Security
Target Release: ---   
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-10-19 02:22:26 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 735462    

Comment 4 David Jorm 2011-06-15 07:57:26 UTC 
Acknowledgements:

Red Hat would like to thank the ObjectWorks+ Development Team at Nomura Research Institute for reporting this issue.
Comment 9 David Jorm 2011-07-05 02:09:07 UTC 
It was found that the fix for CVE-2011-1484 was incomplete: JBoss Seam 2 did not block access to all malicious JBoss Expression Language (EL) constructs in page exception handling, allowing arbitrary Java methods to be executed. A remote attacker could use this flaw to execute arbitrary code via a specially-crafted URL provided to certain applications based on the JBoss Seam 2 framework. 

Note: A properly configured and enabled Java Security Manager would prevent exploitation of this flaw.
Comment 10 errata-xmlrpc 2011-07-18 20:23:21 UTC 
This issue has been addressed in following products:

  JBEAP 5 for RHEL 6

Via RHSA-2011:0946 https://rhn.redhat.com/errata/RHSA-2011-0946.html
Comment 11 errata-xmlrpc 2011-07-18 20:34:30 UTC 
This issue has been addressed in following products:

  JBEAP 5 for RHEL 5

Via RHSA-2011:0948 https://rhn.redhat.com/errata/RHSA-2011-0948.html
Comment 12 errata-xmlrpc 2011-07-18 20:35:35 UTC 
This issue has been addressed in following products:

  JBEAP 5 for RHEL 4

Via RHSA-2011:0947 https://rhn.redhat.com/errata/RHSA-2011-0947.html
Comment 13 errata-xmlrpc 2011-07-18 20:46:29 UTC 
This issue has been addressed in following products:

  JBEAP 4.3.0

Via RHSA-2011:0951 https://rhn.redhat.com/errata/RHSA-2011-0951.html
Comment 14 errata-xmlrpc 2011-07-18 20:46:40 UTC 
This issue has been addressed in following products:

  JBEAP 4.3.0 for RHEL 5
  JBEAP 4.3.0 for RHEL 4

Via RHSA-2011:0950 https://rhn.redhat.com/errata/RHSA-2011-0950.html
Comment 15 errata-xmlrpc 2011-07-18 20:46:51 UTC 
This issue has been addressed in following products:

  JBEAP 5

Via RHSA-2011:0949 https://rhn.redhat.com/errata/RHSA-2011-0949.html
Comment 16 errata-xmlrpc 2011-07-18 20:57:01 UTC 
This issue has been addressed in following products:

  JBoss Enterprise SOA Platform 4.3.0.CP05 and 5.1.0

Via RHSA-2011:0952 https://rhn.redhat.com/errata/RHSA-2011-0952.html
Comment 17 errata-xmlrpc 2011-07-18 20:57:37 UTC 
This issue has been addressed in following products:

  JBEWP 5 for RHEL 5
  JBEWP 5 for RHEL 4
  JBEWP 5 for RHEL 6

Via RHSA-2011:0945 https://rhn.redhat.com/errata/RHSA-2011-0945.html