Back to search
CVE-2010-1871
Published: Aug 4, 2010
Modified: Oct 22, 2025
PUBLISHED
Description
JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize inputs for JBoss Expression Language (EL) expressions, which allows remote attackers to execute arbitrary code via a crafted URL. NOTE: this is only a vulnerability when the Java Security Manager is not properly configured.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
41994
vdb-entry
x_refsource_BID
20130528 CA20130528-01: Security Notice for CA Process Automation (CA PAM)
mailing-list
x_refsource_BUGTRAQ
1024253
vdb-entry
x_refsource_SECTRACK
ADV-2010-1929
vdb-entry
x_refsource_VUPEN
https://bugzilla.redhat.com/show_bug.cgi?id=615956
x_refsource_CONFIRM
seam-expressions-code-execution(60794)
vdb-entry
x_refsource_XF
RHSA-2010:0564
vendor-advisory
x_refsource_REDHAT
https://security.netapp.com/advisory/ntap-20161017-0001/
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now