[seam-issues] [JBoss JIRA] (JBSEAM-4844) Seam 2 does not properly block access to EL expressions
Marek Novotny (Resolved) (JIRA)
jira-events at lists.jboss.org
Sat Oct 8 05:37:15 EDT 2011
[ https://issues.jboss.org/browse/JBSEAM-4844?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Marek Novotny resolved JBSEAM-4844.
-----------------------------------
Resolution: Done
> Seam 2 does not properly block access to EL expressions
> -------------------------------------------------------
>
> Key: JBSEAM-4844
> URL: https://issues.jboss.org/browse/JBSEAM-4844
> Project: Seam 2
> Issue Type: Bug
> Components: EL
> Affects Versions: 2.2.0.GA, 2.2.1.Final, 2.2.2.Final
> Reporter: Marek Novotny
> Assignee: Marek Novotny
> Fix For: 2.3.0.ALPHA
>
>
> Seam 2 does not properly block access to JBoss
> Expression Language (EL) constructs in page exception handling, allowing
> arbitrary Java methods to be executed. A remote attacker could use this
> flaw to execute arbitrary code via a specially-crafted URL provided to
> certain applications based on the JBoss Seam 2 framework. Note: A properly
> configured and enabled Java Security Manager would prevent exploitation of
> this flaw. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1484)
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the seam-issues
mailing list