CVE-2011-1484 in JBoss Enterprise Application Platform信息

摘要

由 VulDB • 2026-06-25

JBoss Seam 2框架中的jboss-seam.jar(版本为2.2.x及更早版本),在Red Hat JBoss Enterprise SOA Platform 4.3.0.CP04和5.1.0以及JBoss Enterprise Application Platform(即JBoss EAP或JBEAP)4.3.0.CP09和5.1.0中分发时,未正确限制FacesMessages在页面异常处理期间对表达式语言(EL)语句的使用,这使得远程攻击者可以通过向应用程序发送构造的URL来执行任意Java代码。

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

来源

Interested in the pricing of exploits?

See the underground prices here!