[jboss-jira] [JBoss JIRA] (JBADMCON-172) CVE-2010-1871 still affects the Admin Console deployed in JBoss AS 5 and 6
Renaud Dubourguais (JIRA)
jira-events at lists.jboss.org
Tue Nov 27 04:54:22 EST 2012
Renaud Dubourguais created JBADMCON-172:
-------------------------------------------
Summary: CVE-2010-1871 still affects the Admin Console deployed in JBoss AS 5 and 6
Key: JBADMCON-172
URL: https://issues.jboss.org/browse/JBADMCON-172
Project: JBoss Admin Console
Issue Type: Bug
Components: General Console
Affects Versions: 1.0 alpha, 1.1 alpha, 2.0 alpha
Reporter: Renaud Dubourguais
The version of the SEAM framework used by the Admin Console in JBoss AS 5 and 6 is still affected by the CVE-2010-1871. (The Red Hat version is already patched).
This vulnerability allows pre-authentication remote code execution and functional public exploits exist.
For more details about this issue:
- http://blog.o0o.nu/2010/07/cve-2010-1871-jboss-seam-framework.html
- https://access.redhat.com/security/cve/CVE-2010-1871
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list