← Voltar para CVEs
CVE-2010-1871
HIGHCISA KEV8.8
Descricao
JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize inputs for JBoss Expression Language (EL) expressions, which allows remote attackers to execute arbitrary code via a crafted URL. NOTE: this is only a vulnerability when the Java Security Manager is not properly configured.
Detalhes CVE
Pontuacao CVSS v3.18.8
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioREQUIRED
Publicado8/5/2010
Ultima modificacao4/22/2026
Fontekev
Avistamentos honeypot0
CISA KEV
FornecedorRed Hat
ProdutoJBoss Seam 2
Nome da vulnerabilidadeRed Hat Linux JBoss Seam 2 Remote Code Execution Vulnerability
Data inclusao KEV2021-12-10
Prazo de remediacao2022-06-10
Uso em ransomwareUnknown
Produtos afetados
netapp:oncommand_balancenetapp:oncommand_insightnetapp:oncommand_unified_managerredhat:enterprise_linuxredhat:jboss_enterprise_application_platform
Fraquezas (CWE)
CWE-917CWE-917
Referencias
http://www.redhat.com/support/errata/RHSA-2010-0564.html(cve@mitre.org)
http://www.securityfocus.com/bid/41994(cve@mitre.org)
http://www.securitytracker.com/id?1024253(cve@mitre.org)
http://www.vupen.com/english/advisories/2010/1929(cve@mitre.org)
https://bugzilla.redhat.com/show_bug.cgi?id=615956(cve@mitre.org)
https://exchange.xforce.ibmcloud.com/vulnerabilities/60794(cve@mitre.org)
https://security.netapp.com/advisory/ntap-20161017-0001/(cve@mitre.org)
http://archives.neohapsis.com/archives/bugtraq/2013-05/0117.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2010-0564.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/41994(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id?1024253(af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2010/1929(af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=615956(af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/60794(af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20161017-0001/(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-1871(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.