[jboss-jira] [JBoss JIRA] (JBADMCON-172) CVE-2010-1871 still affects the Admin Console deployed in JBoss AS 5 and 6
Renaud Dubourguais (JIRA)
jira-events at lists.jboss.org
Tue Nov 27 05:04:23 EST 2012
[ https://issues.jboss.org/browse/JBADMCON-172?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Renaud Dubourguais updated JBADMCON-172:
----------------------------------------
Labels: security (was: )
> CVE-2010-1871 still affects the Admin Console deployed in JBoss AS 5 and 6
> --------------------------------------------------------------------------
>
> Key: JBADMCON-172
> URL: https://issues.jboss.org/browse/JBADMCON-172
> Project: JBoss Admin Console
> Issue Type: Bug
> Components: General Console
> Affects Versions: 1.0 alpha, 1.1 alpha, 2.0 alpha
> Reporter: Renaud Dubourguais
> Labels: security
>
> The version of the SEAM framework used by the Admin Console in JBoss AS 5 and 6 is still affected by the CVE-2010-1871. (The Red Hat version is already patched).
> This vulnerability allows pre-authentication remote code execution and functional public exploits exist.
> For more details about this issue:
> - http://blog.o0o.nu/2010/07/cve-2010-1871-jboss-seam-framework.html
> - https://access.redhat.com/security/cve/CVE-2010-1871
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list