4:33 a.m.
Seam 2 does not properly block access to EL expressions
-------------------------------------------------------
Key: JBSEAM-4844
URL: https://issues.jboss.org/browse/JBSEAM-4844
Project: Seam 2
Issue Type: Bug
Components: EL
Affects Versions: 2.2.2.Final, 2.2.1.Final, 2.2.0.GA
Reporter: Marek Novotny
Assignee: Marek Novotny
Fix For: 2.3.0.ALPHA
Seam 2 does not properly block access to JBoss
Expression Language (EL) constructs in page exception handling, allowing
arbitrary Java methods to be executed. A remote attacker could use this
flaw to execute arbitrary code via a specially-crafted URL provided to
certain applications based on the JBoss Seam 2 framework. Note: A properly
configured and enabled Java Security Manager would prevent exploitation of
this flaw. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1484)
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
4:37 a.m.
[
https://issues.jboss.org/browse/JBSEAM-4844?page=com.atlassian.jira.plugi...
]
Marek Novotny resolved JBSEAM-4844.
-----------------------------------
Resolution: Done
Seam 2 does not properly block access to EL expressions
-------------------------------------------------------
Key: JBSEAM-4844
URL: https://issues.jboss.org/browse/JBSEAM-4844
Project: Seam 2
Issue Type: Bug
Components: EL
Affects Versions: 2.2.0.GA, 2.2.1.Final, 2.2.2.Final
Reporter: Marek Novotny
Assignee: Marek Novotny
Fix For: 2.3.0.ALPHA
Seam 2 does not properly block access to JBoss
Expression Language (EL) constructs in page exception handling, allowing
arbitrary Java methods to be executed. A remote attacker could use this
flaw to execute arbitrary code via a specially-crafted URL provided to
certain applications based on the JBoss Seam 2 framework. Note: A properly
configured and enabled Java Security Manager would prevent exploitation of
this flaw. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1484)
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
4:37 a.m.
[
https://issues.jboss.org/browse/JBSEAM-4844?page=com.atlassian.jira.plugi...
]
Marek Novotny closed JBSEAM-4844.
---------------------------------
Seam 2 does not properly block access to EL expressions
-------------------------------------------------------
Key: JBSEAM-4844
URL: https://issues.jboss.org/browse/JBSEAM-4844
Project: Seam 2
Issue Type: Bug
Components: EL
Affects Versions: 2.2.0.GA, 2.2.1.Final, 2.2.2.Final
Reporter: Marek Novotny
Assignee: Marek Novotny
Fix For: 2.3.0.ALPHA
Seam 2 does not properly block access to JBoss
Expression Language (EL) constructs in page exception handling, allowing
arbitrary Java methods to be executed. A remote attacker could use this
flaw to execute arbitrary code via a specially-crafted URL provided to
certain applications based on the JBoss Seam 2 framework. Note: A properly
configured and enabled Java Security Manager would prevent exploitation of
this flaw. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1484)
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
4828
days inactive
4828
days old
2 comments
3 participants
participants (3)
-
Marek Novotny (Closed) (JIRA) -
Marek Novotny (Created) (JIRA)
-
Marek Novotny (Resolved) (JIRA)