Bug 712283 (CVE-2011-2196) - CVE-2011-2196 JBoss Seam EL interpolation in exception handling
Summary: CVE-2011-2196 JBoss Seam EL interpolation in exception handling
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2011-2196
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: All
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact: Ondrej Skutka
URL:
Whiteboard:
Depends On:
Blocks: 735462
TreeView+ depends on / blocked
 
Reported: 2011-06-10 06:11 UTC by David Jorm
Modified: 2023-05-12 18:49 UTC (History)
13 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-10-19 02:22:26 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Bugzilla 1101619 0 high CLOSED CVE-2014-0248 JBoss Seam: RCE via unsafe logging in AuthenticationFilter 2023-05-12 22:29:08 UTC
Red Hat Product Errata RHSA-2011:0945 0 normal SHIPPED_LIVE Important: JBoss Enterprise Web Platform 5.1.1 update 2011-07-18 20:57:07 UTC
Red Hat Product Errata RHSA-2011:0946 0 normal SHIPPED_LIVE Important: JBoss Enterprise Application Platform 5.1.1 update 2011-07-18 20:22:59 UTC
Red Hat Product Errata RHSA-2011:0947 0 normal SHIPPED_LIVE Important: JBoss Enterprise Application Platform 5.1.1 update 2011-07-18 20:35:18 UTC
Red Hat Product Errata RHSA-2011:0948 0 normal SHIPPED_LIVE Important: JBoss Enterprise Application Platform 5.1.1 update 2011-07-18 20:34:21 UTC
Red Hat Product Errata RHSA-2011:0949 0 normal SHIPPED_LIVE Important: JBoss Enterprise Application Platform 5.1.1 update 2011-07-18 20:46:47 UTC
Red Hat Product Errata RHSA-2011:0950 0 normal SHIPPED_LIVE Important: jboss-seam2 security update 2011-07-18 20:46:35 UTC
Red Hat Product Errata RHSA-2011:0951 0 normal SHIPPED_LIVE Important: jboss-seam security update 2011-07-18 20:46:25 UTC
Red Hat Product Errata RHSA-2011:0952 0 normal SHIPPED_LIVE Important: JBoss Enterprise SOA Platform 4.3.0.CP05 and 5.1.0 security update 2011-07-18 20:56:57 UTC

Internal Links: 1101619

Comment 4 David Jorm 2011-06-15 07:57:26 UTC 
Acknowledgements:

Red Hat would like to thank the ObjectWorks+ Development Team at Nomura Research Institute for reporting this issue.
Comment 9 David Jorm 2011-07-05 02:09:07 UTC 
It was found that the fix for CVE-2011-1484 was incomplete: JBoss Seam 2 did not block access to all malicious JBoss Expression Language (EL) constructs in page exception handling, allowing arbitrary Java methods to be executed. A remote attacker could use this flaw to execute arbitrary code via a specially-crafted URL provided to certain applications based on the JBoss Seam 2 framework. 

Note: A properly configured and enabled Java Security Manager would prevent exploitation of this flaw.
Comment 10 errata-xmlrpc 2011-07-18 20:23:21 UTC 
This issue has been addressed in following products:

  JBEAP 5 for RHEL 6

Via RHSA-2011:0946 https://rhn.redhat.com/errata/RHSA-2011-0946.html
Comment 11 errata-xmlrpc 2011-07-18 20:34:30 UTC 
This issue has been addressed in following products:

  JBEAP 5 for RHEL 5

Via RHSA-2011:0948 https://rhn.redhat.com/errata/RHSA-2011-0948.html
Comment 12 errata-xmlrpc 2011-07-18 20:35:35 UTC 
This issue has been addressed in following products:

  JBEAP 5 for RHEL 4

Via RHSA-2011:0947 https://rhn.redhat.com/errata/RHSA-2011-0947.html
Comment 13 errata-xmlrpc 2011-07-18 20:46:29 UTC 
This issue has been addressed in following products:

  JBEAP 4.3.0

Via RHSA-2011:0951 https://rhn.redhat.com/errata/RHSA-2011-0951.html
Comment 14 errata-xmlrpc 2011-07-18 20:46:40 UTC 
This issue has been addressed in following products:

  JBEAP 4.3.0 for RHEL 5
  JBEAP 4.3.0 for RHEL 4

Via RHSA-2011:0950 https://rhn.redhat.com/errata/RHSA-2011-0950.html
Comment 15 errata-xmlrpc 2011-07-18 20:46:51 UTC 
This issue has been addressed in following products:

  JBEAP 5

Via RHSA-2011:0949 https://rhn.redhat.com/errata/RHSA-2011-0949.html
Comment 16 errata-xmlrpc 2011-07-18 20:57:01 UTC 
This issue has been addressed in following products:

  JBoss Enterprise SOA Platform 4.3.0.CP05 and 5.1.0

Via RHSA-2011:0952 https://rhn.redhat.com/errata/RHSA-2011-0952.html
Comment 17 errata-xmlrpc 2011-07-18 20:57:37 UTC 
This issue has been addressed in following products:

  JBEWP 5 for RHEL 5
  JBEWP 5 for RHEL 4
  JBEWP 5 for RHEL 6

Via RHSA-2011:0945 https://rhn.redhat.com/errata/RHSA-2011-0945.html
Note You need to log in before you can comment on or make changes to this bug.