Bug 692421 (CVE-2011-1484) - CVE-2011-1484 JBoss Seam privilege escalation caused by EL interpolation in FacesMessages
Summary: CVE-2011-1484 JBoss Seam privilege escalation caused by EL interpolation in F...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2011-1484
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact: Ondrej Skutka
URL:
Whiteboard:
Depends On:
Blocks: 771810
TreeView+ depends on / blocked
 
Reported: 2011-03-31 10:15 UTC by Marc Schoenefeld
Modified: 2023-05-13 01:12 UTC (History)
9 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-02-02 22:46:17 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2011:0460 0 normal SHIPPED_LIVE Important: jboss-seam2 security update 2011-04-20 19:34:32 UTC
Red Hat Product Errata RHSA-2011:0461 0 normal SHIPPED_LIVE Important: jboss-seam2 security update 2011-04-20 19:39:47 UTC
Red Hat Product Errata RHSA-2011:0462 0 normal SHIPPED_LIVE Important: jboss-seam security update 2011-04-20 19:50:09 UTC
Red Hat Product Errata RHSA-2011:0463 0 normal SHIPPED_LIVE Important: JBoss Enterprise SOA Platform 4.3.0.CP04 and 5.1.0 security update 2011-04-20 19:50:00 UTC
Red Hat Product Errata RHSA-2011:1148 0 normal SHIPPED_LIVE Important: JBoss Communications Platform 5.1.1 update 2011-08-10 18:33:34 UTC
Red Hat Product Errata RHSA-2011:1251 0 normal SHIPPED_LIVE Important: JBoss Enterprise Portal Platform 5.1.1 update 2011-09-05 02:25:10 UTC
Red Hat Product Errata RHSA-2012:0091 0 normal SHIPPED_LIVE Important: JBoss Enterprise Portal Platform 4.3 CP07 update 2012-02-03 03:19:04 UTC

Comment 7 Marc Schoenefeld 2011-04-01 15:18:01 UTC 
JBoss Seam2 does not properly block access to EL constructs in page exception handling. This allowed arbitrary Java methods to be executed. A remote attacker could use this flaw to execute arbitrary code via a URL, containing appended, specially-crafted expression language parameters, provided to certain applications based on the JBoss Seam framework. 

Note: A properly configured and enabled Java Security Manager would prevent exploitation of this flaw.
Comment 12 errata-xmlrpc 2011-04-20 19:34:37 UTC 
This issue has been addressed in following products:

  JBEAP 4.3.0 for RHEL 5
  JBEAP 4.3.0 for RHEL 4

Via RHSA-2011:0460 https://rhn.redhat.com/errata/RHSA-2011-0460.html
Comment 13 errata-xmlrpc 2011-04-20 19:39:52 UTC 
This issue has been addressed in following products:

  JBEAP 5 for RHEL 4
  JBEAP 5 for RHEL 5

Via RHSA-2011:0461 https://rhn.redhat.com/errata/RHSA-2011-0461.html
Comment 14 errata-xmlrpc 2011-04-20 19:50:04 UTC 
This issue has been addressed in following products:

  JBoss Enterprise SOA Platform 4.3.0.CP04 and 5.1.0

Via RHSA-2011:0463 https://rhn.redhat.com/errata/RHSA-2011-0463.html
Comment 15 errata-xmlrpc 2011-04-20 19:50:13 UTC 
This issue has been addressed in following products:

  JBoss Enterprise Application Platform 4.3.0.CP09 and 5.1.0

Via RHSA-2011:0462 https://rhn.redhat.com/errata/RHSA-2011-0462.html
Comment 16 Murray McAllister 2011-04-20 22:55:17 UTC 
Acknowledgements:

Red Hat would like to thank Martin Kouba from IT SYSTEMS a.s. for reporting this issue.
Comment 17 errata-xmlrpc 2011-08-10 18:33:39 UTC 
This issue has been addressed in following products:

  JBoss Communications Platform 5.1.1

Via RHSA-2011:1148 https://rhn.redhat.com/errata/RHSA-2011-1148.html
Comment 21 errata-xmlrpc 2012-02-02 22:19:58 UTC 
This issue has been addressed in following products:

  JBoss Enterprise Portal Platform 4.3 CP07

Via RHSA-2012:0091 https://rhn.redhat.com/errata/RHSA-2012-0091.html
Note You need to log in before you can comment on or make changes to this bug.