Lucene search

K

[email protected]NVD:CVE-2010-1871

HistoryAug 05, 2010 - 1:23 p.m.

CVE-2010-1871

2010-08-0513:23:09

CWE-20

[email protected]

web.nvd.nist.gov

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

Low

0.968 High

EPSS

Percentile

99.7%

JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize inputs for JBoss Expression Language (EL) expressions, which allows remote attackers to execute arbitrary code via a crafted URL. NOTE: this is only a vulnerability when the Java Security Manager is not properly configured.

Affected configurations

NVD

Node

redhatjboss_enterprise_application_platformMatch4.3.0

AND

redhatenterprise_linuxMatch4

OR

redhatenterprise_linuxMatch5

References

archives.neohapsis.com/archives/bugtraq/2013-05/0117.html

www.redhat.com/support/errata/RHSA-2010-0564.html

www.securityfocus.com/bid/41994

www.securitytracker.com/id?1024253

www.vupen.com/english/advisories/2010/1929

bugzilla.redhat.com/show_bug.cgi?id=615956

exchange.xforce.ibmcloud.com/vulnerabilities/60794

security.netapp.com/advisory/ntap-20161017-0001/

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

Low

0.968 High

EPSS

Percentile

99.7%

Related for NVD:CVE-2010-1871

seebug1 checkpoint_advisories1 veracode1 cisa_kev1 cve1 redhat1 nessus1 prion1 cvelist1 zdt1 packetstorm1 attackerkb1 metasploit1 exploitdb1 impervablog1 threatpost1 cisa2 fireeye1 qualysblog1