jbossas is vulnerable to arbitrary EJB QL command execution. The vulnerability exists because the setOrder method in the org.jboss.seam.framework.Query class did not correctly validate user-supplied parameters. This allowed remote attackers to inject and execute arbitrary Enterprise JavaBeans Query Language (EJB QL) commands via the order parameter.
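The root cause described above is an ORDER BY fragment taken from the request and appended to the query text without validation. The defensive pattern is to never pass the raw parameter through: parse it as a list of sort items, check every field against an allowlist of sortable attributes, and rebuild the clause from canonical names. The following is an added example written for this entry; it is not JBoss Seam code, and the class name OrderClauseValidator, the entity/alias names and the sample field list are assumptions chosen for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Locale;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added example (not JBoss Seam code): allowlist validation of a user-supplied
// "order" parameter before it is spliced into an EJB QL query string.
public final class OrderClauseValidator {

    // One sort item: a bare identifier, optionally followed by asc/desc.
    // Anything else (dots, parentheses, operators, subqueries) fails to match.
    private static final Pattern ITEM = Pattern.compile(
            "^([A-Za-z_][A-Za-z0-9_]*)(?:\\s+(asc|desc))?$", Pattern.CASE_INSENSITIVE);

    // lowercase lookup key -> canonical attribute name as declared on the entity
    private final Map<String, String> allowedFields = new LinkedHashMap<>();

    public OrderClauseValidator(String... sortableAttributes) {
        for (String attr : sortableAttributes) {
            allowedFields.put(attr.toLowerCase(Locale.ROOT), attr);
        }
    }

    /**
     * Returns a normalized "alias.attr dir, alias.attr dir" clause built only
     * from allowlisted attribute names, or throws if any item is not acceptable.
     * An empty or null parameter yields an empty clause (no ordering).
     */
    public String validate(String alias, String order) {
        if (order == null || order.trim().isEmpty()) {
            return "";
        }
        StringBuilder out = new StringBuilder();
        for (String rawItem : order.split(",")) {
            String item = rawItem.trim();
            Matcher m = ITEM.matcher(item);
            if (!m.matches()) {
                throw new IllegalArgumentException("malformed sort item: " + item);
            }
            String canonical = allowedFields.get(m.group(1).toLowerCase(Locale.ROOT));
            if (canonical == null) {
                throw new IllegalArgumentException("attribute not sortable: " + m.group(1));
            }
            String dir = m.group(2) == null ? "asc" : m.group(2).toLowerCase(Locale.ROOT);
            if (out.length() > 0) {
                out.append(", ");
            }
            // Only our own canonical strings reach the query text, never the raw input.
            out.append(alias).append('.').append(canonical).append(' ').append(dir);
        }
        return out.toString();
    }

    /** Builds the full query; the caller never concatenates the request value itself. */
    public String buildQuery(String entity, String alias, String order) {
        String clause = validate(alias, order);
        String ejbql = "select " + alias + " from " + entity + " " + alias;
        return clause.isEmpty() ? ejbql : ejbql + " order by " + clause;
    }

    public static void main(String[] args) {
        // Hypothetical entity with three attributes the UI is allowed to sort on.
        OrderClauseValidator v = new OrderClauseValidator("name", "price", "createdAt");

        System.out.println(v.buildQuery("Product", "p", "name, PRICE desc"));
        // select p from Product p order by p.name asc, p.price desc

        String[] rejected = { "name desc, lower(name)", "price; extra", "supplierId" };
        for (String bad : rejected) {
            try {
                v.buildQuery("Product", "p", bad);
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

The validator deliberately rebuilds the clause from its own canonical strings rather than echoing the sanitized input, so even an attribute name with unusual casing or whitespace cannot reach the query text in a form the allowlist did not produce. Rejections are surfaced as exceptions so the calling action can log the attempt and return a generic error rather than silently falling back to a default sort.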
jira.jboss.com/jira/browse/JBSEAM-2084
osvdb.org/42631
redhat.com/docs/manuals/jboss/jboss-eap-4.2.0.cp02/readme.html
secunia.com/advisories/28077
sourceforge.net/project/shownotes.php?release_id=549490&group_id=22866
www.redhat.com/security/updates/classification/#moderate
www.redhat.com/support/errata/RHSA-2008-0151.html
www.redhat.com/support/errata/RHSA-2008-0158.html
www.redhat.com/support/errata/RHSA-2008-0213.html
www.securityfocus.com/bid/26850
www.vupen.com/english/advisories/2007/4215
access.redhat.com/errata/RHSA-2008:0151