← Back to CVEs
CVE-2010-1871
HIGHCISA KEV8.8
Description
JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize inputs for JBoss Expression Language (EL) expressions, which allows remote attackers to execute arbitrary code via a crafted URL. NOTE: this is only a vulnerability when the Java Security Manager is not properly configured.
CVE Details
CVSS v3.1 Score8.8
SeverityHIGH
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionREQUIRED
Published8/5/2010
Last Modified4/22/2026
Sourcekev
Honeypot Sightings0
CISA KEV
VendorRed Hat
ProductJBoss Seam 2
Vulnerability NameRed Hat Linux JBoss Seam 2 Remote Code Execution Vulnerability
KEV Date Added2021-12-10
Remediation Due Date2022-06-10
Ransomware UseUnknown
Affected Products
netapp:oncommand_balancenetapp:oncommand_insightnetapp:oncommand_unified_managerredhat:enterprise_linuxredhat:jboss_enterprise_application_platform
Weaknesses (CWE)
CWE-917CWE-917
References
http://www.redhat.com/support/errata/RHSA-2010-0564.html(cve@mitre.org)
http://www.securityfocus.com/bid/41994(cve@mitre.org)
http://www.securitytracker.com/id?1024253(cve@mitre.org)
http://www.vupen.com/english/advisories/2010/1929(cve@mitre.org)
https://bugzilla.redhat.com/show_bug.cgi?id=615956(cve@mitre.org)
https://exchange.xforce.ibmcloud.com/vulnerabilities/60794(cve@mitre.org)
https://security.netapp.com/advisory/ntap-20161017-0001/(cve@mitre.org)
http://archives.neohapsis.com/archives/bugtraq/2013-05/0117.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2010-0564.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/41994(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id?1024253(af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2010/1929(af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=615956(af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/60794(af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20161017-0001/(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-1871(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.