CVE-2010-1871: Red Hat Linux JBoss Seam 2 Remote Code Execution Vulnerability
First published: Mon Jul 19 2010(Updated: )
JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, allows attackers to perform remote code execution. This vulnerability can only be exploited when the Java Security Manager is not properly configured.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/jboss-seam2 | <0:2.0.2.FP-1.ep1.24.el4 | 0:2.0.2.FP-1.ep1.24.el4 |
| redhat/jboss-seam2 | <0:2.0.2.FP-1.ep1.24.el5 | 0:2.0.2.FP-1.ep1.24.el5 |
| Red Hat JBoss Enterprise Application Platform | =4.3.0 | |
| Red Hat Enterprise Linux | =4 | |
| Red Hat Enterprise Linux | =5 | |
| Red Hat JBoss Seam 2 Framework | ||
| All of | ||
| redhat jboss enterprise application platform | =4.3.0 | |
| Any of | ||
| Red Hat Enterprise Linux | =4 | |
| Red Hat Enterprise Linux | =5 | |
| NetApp OnCommand Balance | ||
| NetApp OnCommand Insight | ||
| NetApp OnCommand Unified Manager | ||
| All of | ||
| =4.3.0 | ||
| Any of | ||
| =4 | ||
| =5 | ||
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securitytracker.com/id?1024253
- http://www.securityfocus.com/bid/41994
- https://bugzilla.redhat.com/show_bug.cgi?id=615956
- http://www.vupen.com/english/advisories/2010/1929
- http://www.redhat.com/support/errata/RHSA-2010-0564.html
- http://archives.neohapsis.com/archives/bugtraq/2013-05/0117.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/60794
- https://security.netapp.com/advisory/ntap-20161017-0001/
- http://seamframework.org/
- http://docs.jboss.org/seam/2.2.0.GA/en-US/html/elenhancements.html
- https://rhn.redhat.com/errata/RHSA-2010-0564.html
- http://seamframework.org/Community/Seam221CR2IsAvailableForPublic
- http://seamframework.org/Seam2/Downloads
- https://access.redhat.com/security/cve/CVE-2010-1871
- https://www.redhat.com/security/data/cve/CVE-2010-1871.html
- https://www.cve.org/CVERecord?id=CVE-2010-1871 https://nvd.nist.gov/vuln/detail/CVE-2010-1871
- https://access.redhat.com/errata/RHSA-2010:0564
- https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1871.json
- https://nvd.nist.gov/vuln/detail/CVE-2010-1871
Frequently Asked Questions
What is the severity of CVE-2010-1871?
CVE-2010-1871 has a high severity rating due to its potential for remote code execution.
How do I fix CVE-2010-1871?
To fix CVE-2010-1871, ensure that you upgrade to JBoss Seam 2 version 2.0.2.FP-1.ep1.24.el4 or el5.
Who is affected by CVE-2010-1871?
CVE-2010-1871 affects systems running JBoss Seam 2 as implemented in JBoss Enterprise Application Platform 4.3.0.
What causes the vulnerability in CVE-2010-1871?
The vulnerability in CVE-2010-1871 is caused by improper configuration of the Java Security Manager.
Can CVE-2010-1871 be exploited remotely?
Yes, CVE-2010-1871 allows remote code execution, making it a significant threat when exploited.
- collector/nvd-historical
- agent/type
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2010-1871
- agent/title
- agent/description
- collector/redhat-cve
- agent/software-canonical-lookup
- agent/weakness
- agent/author
- agent/severity
- collector/mitre-cve
- source/MITRE
- agent/event
- agent/references
- agent/last-modified-date
- agent/trending
- agent/source
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- collector/nvd-cve
- source/NVD
- collector/nvd-api
- package-manager/redhat
- vendor/redhat
- canonical/red hat jboss enterprise application platform
- version/red hat jboss enterprise application platform/4.3.0
- canonical/red hat enterprise linux
- version/red hat enterprise linux/4
- version/red hat enterprise linux/5
- vendor/red hat
- canonical/red hat jboss seam 2 framework
- canonical/redhat jboss enterprise application platform
- version/redhat jboss enterprise application platform/4.3.0
- vendor/netapp
- canonical/netapp oncommand balance
- canonical/netapp oncommand insight
- canonical/netapp oncommand unified manager