Details

    • Affects:
      Release Notes
    • Release Notes Text:
      An input sanitization flaw was found in the way JBoss Seam processed certain parametrized JBoss Expression Language (EL) expressions. A remote attacker could use this flaw to execute parameterless methods on Seam components via a URL, containing appended, specially-crafted expression language parameters, provided to certain applications based on the JBoss Seam framework.
      Red Hat would like to thank Meder Kydyraliev of the Google Security Team for responsibly reporting this issue.
    • Release Notes Docs Status:
      Documented as Resolved Issue

      Description

      The Seam 2.x actionOutcome parameter issue (JBPAPP-4714, JBPAPP-4717) also affects Seam 1.x to some degree. The injected code, however, cannot contain method parameters, so it's probably harmless, but steps to sanitize it should be taken.

      For example, in the booking application the following code can be used to retrieve the user's password (in the address bar):
      http://localhost:8080/seam-booking/home.seam?actionOutcome=/x.html?password%3d%23{user.password}
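
      One way to sanitize a parameter such as actionOutcome, as an added example (not Seam's code and not the fix applied for this issue): reject any value that contains an EL delimiter after repeated URL-decoding. The class and method names are hypothetical, and calling the check from a servlet filter or similar entry point is an assumption.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;

// Added example: hypothetical helper, not part of the Seam API.
public class OutcomeParamCheck {
    // Upper bound on nested percent-encoding layers we are willing to unwrap.
    private static final int MAX_DECODE_ROUNDS = 5;

    /** Returns true only if no "#{" or "${" appears at any decoding depth. */
    static boolean isSafeOutcome(String value) {
        if (value == null) return true;
        String current = value;
        for (int i = 0; i < MAX_DECODE_ROUNDS; i++) {
            if (current.contains("#{") || current.contains("${")) return false;
            String decoded;
            try {
                decoded = URLDecoder.decode(current, StandardCharsets.UTF_8);
            } catch (IllegalArgumentException e) {
                return false; // malformed percent-encoding: refuse rather than guess
            }
            if (decoded.equals(current)) return true; // fully decoded, nothing found
            current = decoded;
        }
        return false; // still changing after MAX_DECODE_ROUNDS: refuse
    }

    public static void main(String[] args) {
        // Constructed sample values, shaped like the actionOutcome in the report.
        String[] samples = {
            "/main.xhtml",                                        // plain view id
            "/x.html?password=#{user.password}",                  // already decoded
            "/x.html?password%3d%23{user.password}",              // encoded once
            "/x.html?password%253d%2523%257Buser.password%257D",  // encoded twice
        };
        for (String s : samples) {
            System.out.println((isSafeOutcome(s) ? "allow   " : "reject  ") + s);
        }
    }
}
```

      Only the first sample is allowed; the other three are rejected regardless of how many encoding layers hide the `#{`.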


              People

              • Assignee:
                manaRH Marek Novotny
                Reporter:
                oskutka Ondrej Skutka