6.8

CVE-2011-2196

EPSS 1.22%
Published 27.07.2011 02:55:01
Last modified 11.04.2025 00:51:21
Source secalert@redhat.com
Teams watchlist Login
Open Login

jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, as distributed in Red Hat JBoss Enterprise SOA Platform 4.3.0.CP05 and 5.1.0; JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3.0, 4.3.0.CP09, and 5.1.1; and JBoss Enterprise Web Platform 5.1.1, does not properly restrict use of Expression Language (EL) statements in FacesMessages during page exception handling, which allows remote attackers to execute arbitrary Java code via a crafted URL to an application.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1484.

Affected products Warnungen 0 Metrics 2 CWE 0 References 13

Data is provided by the National Vulnerability Database (NVD)

Redhat ≫ Jboss Enterprise Application Platform Version4.3.0

Redhat ≫ Jboss Enterprise Application Platform Version4.3.0 Updatecp09

Redhat ≫ Jboss Enterprise Application Platform Version5.1.1

Redhat ≫ Jboss Enterprise Soa Platform Version4.3.0 Updatecp05

Redhat ≫ Jboss Enterprise Soa Platform Version5.1.0

Redhat ≫ Jboss Enterprise Web Platform Version5.1.1

Redhat ≫ Jboss Seam 2 Framework Version <= 2.2.2

Redhat ≫ Jboss Seam 2 Framework Version2.0.0 Updatebeta1

Redhat ≫ Jboss Seam 2 Framework Version2.0.0 Updatecr1

Redhat ≫ Jboss Seam 2 Framework Version2.0.0 Updatecr2

Redhat ≫ Jboss Seam 2 Framework Version2.0.0 Updatecr3

Redhat ≫ Jboss Seam 2 Framework Version2.0.0 Updatega

Redhat ≫ Jboss Seam 2 Framework Version2.0.1 Updatecr1

Redhat ≫ Jboss Seam 2 Framework Version2.0.1 Updatecr2

Redhat ≫ Jboss Seam 2 Framework Version2.0.1 Updatega

Redhat ≫ Jboss Seam 2 Framework Version2.0.2 Updatecr1

Redhat ≫ Jboss Seam 2 Framework Version2.0.2 Updatecr2

Redhat ≫ Jboss Seam 2 Framework Version2.0.2 Updatega

Redhat ≫ Jboss Seam 2 Framework Version2.0.2 Updatesp1

Redhat ≫ Jboss Seam 2 Framework Version2.0.3 Updatecr1

Redhat ≫ Jboss Seam 2 Framework Version2.1.0 Updatealpha1

Redhat ≫ Jboss Seam 2 Framework Version2.1.0 Updatebeta1

Redhat ≫ Jboss Seam 2 Framework Version2.1.0 Updatecr1

Redhat ≫ Jboss Seam 2 Framework Version2.1.0 Updatega

Redhat ≫ Jboss Seam 2 Framework Version2.1.0 Updatesp1

Redhat ≫ Jboss Seam 2 Framework Version2.1.1 Updatecr1

Redhat ≫ Jboss Seam 2 Framework Version2.1.1 Updatecr2

Redhat ≫ Jboss Seam 2 Framework Version2.1.1 Updatega

Redhat ≫ Jboss Seam 2 Framework Version2.1.2

Redhat ≫ Jboss Seam 2 Framework Version2.1.2 Updatecr1

Redhat ≫ Jboss Seam 2 Framework Version2.1.2 Updatecr2

Redhat ≫ Jboss Seam 2 Framework Version2.2.0 Updatecr1

Redhat ≫ Jboss Seam 2 Framework Version2.2.0 Updatega

Redhat ≫ Jboss Seam 2 Framework Version2.2.1

Redhat ≫ Jboss Seam 2 Framework Version2.2.1 Updatecr1

Redhat ≫ Jboss Seam 2 Framework Version2.2.1 Updatecr2

Redhat ≫ Jboss Seam 2 Framework Version2.2.1 Updatecr3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.22%	0.781

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

http://www.redhat.com/support/errata/RHSA-2011-0945.html

http://www.redhat.com/support/errata/RHSA-2011-0946.html

http://www.redhat.com/support/errata/RHSA-2011-0947.html

http://www.redhat.com/support/errata/RHSA-2011-0948.html

http://www.redhat.com/support/errata/RHSA-2011-0949.html

http://www.redhat.com/support/errata/RHSA-2011-0950.html

http://www.redhat.com/support/errata/RHSA-2011-0951.html

http://www.redhat.com/support/errata/RHSA-2011-0952.html

Vendor Advisory

http://www.securityfocus.com/bid/48716

https://bugzilla.redhat.com/show_bug.cgi?id=712283

https://nvd.nist.gov/vuln/detail/CVE-2011-2196

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2011-2196

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2011-2196

EUVD