Vulnerability CVE-2011-1484 - CERT Civis.Net

Vulnerability Name:

CVE-2011-1484 (CCN-66982)

Assigned:

2011-04-21

Published:

2011-04-21

Updated:

2011-10-26

Summary:

jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, as distributed in Red Hat JBoss Enterprise SOA Platform 4.3.0.CP04 and 5.1.0 and JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3.0.CP09 and 5.1.0, does not properly restrict use of Expression Language (EL) statements in FacesMessages during page exception handling, which allows remote attackers to execute arbitrary Java code via a crafted URL to an application.

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2011-1484

Source: CCN
Type: RHSA-2011-0460
Important: jboss-seam2 security update

Source: CCN
Type: RHSA-2011-0461
Important: jboss-seam2 security update

Source: CCN
Type: SA44316
Red Hat Update for JBoss Products

Source: CCN
Type: JBoss Web site
JBoss Enterprise Application Platform

Source: CCN
Type: OSVDB ID: 74277
JBoss Seam jboss-seam.jar FacesMessages Expression Language Statement Remote Java Code Execution

Source: REDHAT
Type: Vendor Advisory
RHSA-2011:0460

Source: REDHAT
Type: Vendor Advisory
RHSA-2011:0461

Source: REDHAT
Type: Vendor Advisory
RHSA-2011:0462

Source: REDHAT
Type: Vendor Advisory
RHSA-2011:0463

Source: REDHAT
Type: UNKNOWN
RHSA-2011:1148

Source: REDHAT
Type: UNKNOWN
RHSA-2011:1251

Source: CCN
Type: BID-47516
JBoss Seam Expression Language (EL) Remote Code Execution Vulnerability

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=692421

Source: CONFIRM
Type: UNKNOWN
https://docs.redhat.com/docs/en-US/JBoss_Communications_Platform/5.1/html/5.1.1_Release_Notes/ar01s05.html

Source: XF
Type: UNKNOWN
jboss-seam2-code-exec(66982)

Vulnerable Configuration:

Configuration 1:

cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0:cp09:*:*:*:*:*:*

OR cpe:/a:redhat:jboss_enterprise_application_platform:5.1.0:*:*:*:*:*:*:*

OR cpe:/a:redhat:jboss_enterprise_soa_platform:4.3.0:cp04:*:*:*:*:*:*

OR cpe:/a:redhat:jboss_enterprise_soa_platform:5.1.0:*:*:*:*:*:*:*

OR cpe:/a:redhat:jboss_seam_2_framework:2.0.0:beta1:*:*:*:*:*:*

OR cpe:/a:redhat:jboss_seam_2_framework:2.0.0:cr1:*:*:*:*:*:*

OR cpe:/a:redhat:jboss_seam_2_framework:2.0.0:cr2:*:*:*:*:*:*

OR cpe:/a:redhat:jboss_seam_2_framework:2.0.0:cr3:*:*:*:*:*:*

OR cpe:/a:redhat:jboss_seam_2_framework:2.0.0:ga:*:*:*:*:*:*

OR cpe:/a:redhat:jboss_seam_2_framework:2.0.1:cr1:*:*:*:*:*:*

OR cpe:/a:redhat:jboss_seam_2_framework:2.0.1:cr2:*:*:*:*:*:*

OR cpe:/a:redhat:jboss_seam_2_framework:2.0.1:ga:*:*:*:*:*:*

OR cpe:/a:redhat:jboss_seam_2_framework:2.0.2:cr1:*:*:*:*:*:*

OR cpe:/a:redhat:jboss_seam_2_framework:2.0.2:cr2:*:*:*:*:*:*

OR cpe:/a:redhat:jboss_seam_2_framework:2.0.2:ga:*:*:*:*:*:*

OR cpe:/a:redhat:jboss_seam_2_framework:2.0.2:sp1:*:*:*:*:*:*

OR cpe:/a:redhat:jboss_seam_2_framework:2.0.3:cr1:*:*:*:*:*:*

OR cpe:/a:redhat:jboss_seam_2_framework:2.1.0:alpha1:*:*:*:*:*:*

OR cpe:/a:redhat:jboss_seam_2_framework:2.1.0:beta1:*:*:*:*:*:*

OR cpe:/a:redhat:jboss_seam_2_framework:2.1.0:cr1:*:*:*:*:*:*

OR cpe:/a:redhat:jboss_seam_2_framework:2.1.0:ga:*:*:*:*:*:*

OR cpe:/a:redhat:jboss_seam_2_framework:2.1.0:sp1:*:*:*:*:*:*

OR cpe:/a:redhat:jboss_seam_2_framework:2.1.1:cr1:*:*:*:*:*:*

OR cpe:/a:redhat:jboss_seam_2_framework:2.1.1:cr2:*:*:*:*:*:*

OR cpe:/a:redhat:jboss_seam_2_framework:2.1.1:ga:*:*:*:*:*:*

OR cpe:/a:redhat:jboss_seam_2_framework:2.1.2:*:*:*:*:*:*:*

OR cpe:/a:redhat:jboss_seam_2_framework:2.1.2:cr1:*:*:*:*:*:*

OR cpe:/a:redhat:jboss_seam_2_framework:2.1.2:cr2:*:*:*:*:*:*

OR cpe:/a:redhat:jboss_seam_2_framework:2.2.0:cr1:*:*:*:*:*:*

OR cpe:/a:redhat:jboss_seam_2_framework:2.2.0:ga:*:*:*:*:*:*

OR cpe:/a:redhat:jboss_seam_2_framework:2.2.1:*:*:*:*:*:*:*

OR cpe:/a:redhat:jboss_seam_2_framework:2.2.1:cr1:*:*:*:*:*:*

OR cpe:/a:redhat:jboss_seam_2_framework:2.2.1:cr2:*:*:*:*:*:*

OR cpe:/a:redhat:jboss_seam_2_framework:2.2.1:cr3:*:*:*:*:*:*

OR cpe:/a:redhat:jboss_seam_2_framework:*:*:*:*:*:*:*:* (Version <= 2.2.2)

Configuration CCN 1:

cpe:/a:redhat:jboss_enterprise_application_platform:4.3:*:*:*:*:*:*:*

OR cpe:/a:redhat:jboss_enterprise_soa_platform:4.2.0:*:*:*:*:*:*:*

OR cpe:/a:redhat:jboss_enterprise_soa_platform:5.0.0:*:*:*:*:*:*:*

Denotes that component is vulnerable