It was found that the 'do' parameter permitted expression language (EL) injection, which could allow a remote attacker to execute Java methods on an affected server.
It was reported that remote attackers can inject EL (Expression Language) via the "do" parameter.
This leads to a remote Java method execution vulnerability.
Red Hat would like to thank Takeshi Terada of Mitsui Bussan Secure Directions, Inc. for reporting this issue.
Created attachment 1005892
patch commit diffs
Created wildfly tracking bugs for this issue:
Affects: fedora-all [bug 1205373]
This issue has been addressed in the following products:
Red Hat JBoss Web Framework Kit 2.7.0
Via RHSA-2015:0719 https://rhn.redhat.com/errata/RHSA-2015-0719.html
This issue did not affect any version of Red Hat JBoss Enterprise Application Platform 5, as it did not include the vulnerable version of the RichFaces component. JBoss EAP 5.x includes versions 3.3.1.x of RichFaces; this vulnerability was introduced in version 4.x of RichFaces.