CVE-2010-1871
KEV
🔴 Patch now
Missing input sanitization in JBoss Seam 2 allows attackers to execute code remotely.
CVSS
8.8
EPSS
93.6%
Exploit
weaponized
Vendor
netapp
Source description (NVD)
JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize inputs for JBoss Expression Language (EL) expressions, which allows remote attackers to execute arbitrary code via a crafted URL. NOTE: this is only a vulnerability when the Java Security Manager is not properly configured.
none
No patch
Sources and dates
| Source | Value |
|---|---|
| NVD – CVSS | 8.8 |
| CISA KEV (actively exploited) | Yes |
| FIRST EPSS (exploit probability) | 93.6% |
| Published (NVD) | 2010-08-05 13:23:09 UTC |
| Last modified (NVD) | 2026-04-22 14:14:18 UTC |
References
- http://archives.neohapsis.com/archives/bugtraq/2013-05/0117.html (cve@mitre.org) [Broken Link]
- http://www.redhat.com/support/errata/RHSA-2010-0564.html (cve@mitre.org) [Broken Link]
- http://www.securityfocus.com/bid/41994 (cve@mitre.org) [Broken Link, Third Party Advisory, VDB Entry]
- http://www.securitytracker.com/id?1024253 (cve@mitre.org) [Broken Link, Third Party Advisory, VDB Entry]
- http://www.vupen.com/english/advisories/2010/1929 (cve@mitre.org) [Broken Link, Vendor Advisory]
- https://bugzilla.redhat.com/show_bug.cgi?id=615956 (cve@mitre.org) [Issue Tracking]
- https://exchange.xforce.ibmcloud.com/vulnerabilities/60794 (cve@mitre.org) [Third Party Advisory, VDB Entry]
- https://security.netapp.com/advisory/ntap-20161017-0001/ (cve@mitre.org) [Third Party Advisory]
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-1871 (134c704f-9b21-4f2e-91b3-4a467353bcc0) [US Government Resource]