[JBoss JIRA] (JBADMCON-172) CVE-2010-1871 still affects the Admin Console deployed in JBoss AS 5 and 6
3:54 a.m.
Renaud Dubourguais created JBADMCON-172:
-------------------------------------------
Summary: CVE-2010-1871 still affects the Admin Console deployed in JBoss AS 5
and 6
Key: JBADMCON-172
URL: https://issues.jboss.org/browse/JBADMCON-172
Project: JBoss Admin Console
Issue Type: Bug
Components: General Console
Affects Versions: 1.0 alpha, 1.1 alpha, 2.0 alpha
Reporter: Renaud Dubourguais
The version of the SEAM framework used by the Admin Console in JBoss AS 5 and 6 is still
affected by the CVE-2010-1871. (The Red Hat version is already patched).
This vulnerability allows pre-authentication remote code execution and functional public
exploits exist.
For more details about this issue:
- http://blog.o0o.nu/2010/07/cve-2010-1871-jboss-seam-framework.html
- https://access.redhat.com/security/cve/CVE-2010-1871
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
3:56 a.m.
[
https://issues.jboss.org/browse/JBADMCON-172?page=com.atlassian.jira.plug...
]
Renaud Dubourguais updated JBADMCON-172:
----------------------------------------
Workaround Description: Upgrade to the latest version of the SEAM framework.
Workaround: Workaround Exists
CVE-2010-1871 still affects the Admin Console deployed in JBoss AS 5
and 6
--------------------------------------------------------------------------
Key: JBADMCON-172
URL: https://issues.jboss.org/browse/JBADMCON-172
Project: JBoss Admin Console
Issue Type: Bug
Components: General Console
Affects Versions: 1.0 alpha, 1.1 alpha, 2.0 alpha
Reporter: Renaud Dubourguais
The version of the SEAM framework used by the Admin Console in JBoss AS 5 and 6 is still
affected by the CVE-2010-1871. (The Red Hat version is already patched).
This vulnerability allows pre-authentication remote code execution and functional public
exploits exist.
For more details about this issue:
- http://blog.o0o.nu/2010/07/cve-2010-1871-jboss-seam-framework.html
- https://access.redhat.com/security/cve/CVE-2010-1871
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
4:04 a.m.
[
https://issues.jboss.org/browse/JBADMCON-172?page=com.atlassian.jira.plug...
]
Renaud Dubourguais updated JBADMCON-172:
----------------------------------------
Labels: security (was: )
CVE-2010-1871 still affects the Admin Console deployed in JBoss AS 5
and 6
--------------------------------------------------------------------------
Key: JBADMCON-172
URL: https://issues.jboss.org/browse/JBADMCON-172
Project: JBoss Admin Console
Issue Type: Bug
Components: General Console
Affects Versions: 1.0 alpha, 1.1 alpha, 2.0 alpha
Reporter: Renaud Dubourguais
Labels: security
The version of the SEAM framework used by the Admin Console in JBoss AS 5 and 6 is still
affected by the CVE-2010-1871. (The Red Hat version is already patched).
This vulnerability allows pre-authentication remote code execution and functional public
exploits exist.
For more details about this issue:
- http://blog.o0o.nu/2010/07/cve-2010-1871-jboss-seam-framework.html
- https://access.redhat.com/security/cve/CVE-2010-1871
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
4412
days inactive
4412
days old
2 comments
1 participants
participants (1)
-
Renaud Dubourguais (JIRA)