Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: 4.3.0.GA_CP08
    • Fix Version/s: 4.3.0.GA_CP09
    • Component/s: Seam2
    • Labels:
      None
    • Affects:
      Release Notes
    • Release Notes Text:
      An input sanitization flaw was found in the way JBoss Seam processed certain parameterized JBoss Expression Language (EL) expressions. A remote attacker could use this flaw to execute parameterless methods on Seam components via a URL containing appended, specially crafted EL parameters, provided to certain applications based on the JBoss Seam framework. This release contains enhanced security that prevents malicious interaction using EL expressions.

      Red Hat would like to thank Meder Kydyraliev of the Google Security Team for responsibly reporting this issue.
    • Release Notes Docs Status:
      Documented as Resolved Issue

              People

              • Assignee:
                manaRH Marek Novotny
              • Reporter:
                manaRH Marek Novotny