返回 CVE 浏览器

CVE-2010-1871

Known Exploited (CISA KEV)HIGH

8.8

CVSS Severity Score

EPSS Score41.9360%

EPSS Percentile85.75th

Published2010年8月5日

Last Modified2026年4月22日

Vulnerability Description

JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize inputs for JBoss Expression Language (EL) expressions, which allows remote attackers to execute arbitrary code via a crafted URL. NOTE: this is only a vulnerability when the Java Security Manager is not properly configured.

Affected Platforms (CPE)

📦

Redhat

Jboss Enterprise Application Platform

= 4.3.0

📦

Netapp

Oncommand Balance

All versions

📦

Netapp

Oncommand Insight

All versions

📦

Netapp

Oncommand Unified Manager

All versions

References & Advisories

🔗 http://archives.neohapsis.com/archives/bugtraq/2013-05/0117.html

🔗 http://www.redhat.com/support/errata/RHSA-2010-0564.html

🔗 http://www.securityfocus.com/bid/41994

🔗 http://www.securitytracker.com/id?1024253

🔗 http://www.vupen.com/english/advisories/2010/1929

🔗 https://bugzilla.redhat.com/show_bug.cgi?id=615956

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/60794

🔗 https://security.netapp.com/advisory/ntap-20161017-0001/

相关漏洞威胁

CVE-2015-75019.8

Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterp...

CVE-2017-121499.8

In Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was found that the doFilter method in ...

CVE-2014-54019.8

Hospira MedNet software version 5.8 and prior uses vulnerable versions of the JBoss Enterprise Application Platform software that ...

CVE-2016-54068.8

The domain controller in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2 allows remote authenticated users to...