← Volver a CVEs
CVE-2010-1871
HIGHCISA KEV8.8
Descripcion
JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize inputs for JBoss Expression Language (EL) expressions, which allows remote attackers to execute arbitrary code via a crafted URL. NOTE: this is only a vulnerability when the Java Security Manager is not properly configured.
Detalles CVE
Puntuacion CVSS v3.18.8
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioREQUIRED
Publicado8/5/2010
Ultima modificacion4/22/2026
Fuentekev
Avistamientos honeypot0
CISA KEV
VendedorRed Hat
ProductoJBoss Seam 2
Nombre vulnerabilidadRed Hat Linux JBoss Seam 2 Remote Code Execution Vulnerability
Fecha inclusion KEV2021-12-10
Fecha limite remediacion2022-06-10
Uso en ransomwareUnknown
Productos afectados
netapp:oncommand_balancenetapp:oncommand_insightnetapp:oncommand_unified_managerredhat:enterprise_linuxredhat:jboss_enterprise_application_platform
Debilidades (CWE)
CWE-917CWE-917
Referencias
http://www.redhat.com/support/errata/RHSA-2010-0564.html(cve@mitre.org)
http://www.securityfocus.com/bid/41994(cve@mitre.org)
http://www.securitytracker.com/id?1024253(cve@mitre.org)
http://www.vupen.com/english/advisories/2010/1929(cve@mitre.org)
https://bugzilla.redhat.com/show_bug.cgi?id=615956(cve@mitre.org)
https://exchange.xforce.ibmcloud.com/vulnerabilities/60794(cve@mitre.org)
https://security.netapp.com/advisory/ntap-20161017-0001/(cve@mitre.org)
http://archives.neohapsis.com/archives/bugtraq/2013-05/0117.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2010-0564.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/41994(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id?1024253(af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2010/1929(af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=615956(af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/60794(af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20161017-0001/(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-1871(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.