SHARE
CORE IMPACT v10.5 - Exploits Update (Fri Sep 24 2010)
JBoss Seam 2 Framework actionOutcome Remote Code Execution Exploit
Exploits/Remote Code Execution [Linux]
• Fri Sep 24 2010
An input sanitization flaw was found in the way JBoss Seam processes certain parameterized JBoss Expression Language (EL) expressions. A remote unauthenticated attacker could use this flaw to execute arbitrary code via GET requests, containing specially-crafted expression language parameters, provided to web applications based on the JBoss Seam framework. This module exploits the vulnerability in any web application based on vulnerable versions of the Seam 2 framework.
Exploits Vulnerabiltiy: CVE-2010-1871