JBoss Admin Console / JBADMCON-172

CVE-2010-1871 still affects the Admin Console deployed in JBoss AS 5 and 6

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Rejected
    • Affects Version/s: 1.0 alpha, 1.1 alpha, 2.0 alpha
    • Fix Version/s: None
    • Component/s: General Console
    • Labels:
    • Steps to Reproduce:

      To reproduce, you can follow this post: http://blog.o0o.nu/2010/07/cve-2010-1871-jboss-seam-framework.html

      With a functional exploit, an attacker could execute arbitrary Java code and take the underlying operating system under control by exploiting the login page (without knowing any user account). Here is a successful exploitation for JBoss AS 6.1.0 Final:

      $ ./CVE-2010-1871-jboss-seam.py http://localhost:8080/admin-console/login.seam 'uname -an'
      -----------------------------------------------------------------

      CVE-2010-1871: SEAM framework remote command execution

      -----------------------------------------------------------------

      [!] Checking vulnerability...
      [+] Target is vulnerable.
      [!] Executing system command: 'uname -an'

      Linux test 3.2.0-4-amd64 #1 SMP Debian 3.2.32-1 x86_64 GNU/Linux

    • Workaround:
      Workaround Exists
    • Workaround Description:

      Upgrade to the latest version of the SEAM framework.


      Description

      The version of the SEAM framework used by the Admin Console in JBoss AS 5 and 6 is still affected by CVE-2010-1871. (The Red Hat version is already patched.)

      This vulnerability allows pre-authentication remote code execution and functional public exploits exist.

      For more details about this issue:

              People

              • Assignee:
                Unassigned
                Reporter:
                draun Renaud Dubourguais