[jboss-jira] [JBoss JIRA] (JBADMCON-172) CVE-2010-1871 still affects the Admin Console deployed in JBoss AS 5 and 6

[Arun Neelicattu (JIRA)]

     [ https://issues.jboss.org/browse/JBADMCON-172?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Arun Neelicattu closed JBADMCON-172.
------------------------------------

    Resolution: Rejected


JBoss AS 5 and 6 are no longer maintained or developed. This flaw is resolved in AS 7, and you can consume the fix by upgrading. If required, the [JBoss Enterprise Application Platform|http://www.redhat.com/products/jbossenterprisemiddleware/application-platform/] allows you to consume security fixes backported to older versions of JBoss AS.
                
> CVE-2010-1871 still affects the Admin Console deployed in JBoss AS 5 and 6
> --------------------------------------------------------------------------
>
>                 Key: JBADMCON-172
>                 URL: https://issues.jboss.org/browse/JBADMCON-172
>             Project: JBoss Admin Console
>          Issue Type: Bug
>          Components: General Console
>    Affects Versions: 1.0 alpha, 1.1 alpha, 2.0 alpha
>            Reporter: Renaud Dubourguais
>              Labels: security
>
> The version of the SEAM framework used by the Admin Console in JBoss AS 5 and 6 is still affected by the CVE-2010-1871. (The Red Hat version is already patched).
> This vulnerability allows pre-authentication remote code execution and functional public exploits exist. 
> For more details about this issue:
>  - http://blog.o0o.nu/2010/07/cve-2010-1871-jboss-seam-framework.html
>  - https://access.redhat.com/security/cve/CVE-2010-1871

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira