Uploaded image for project: 'JBoss Admin Console'
  1. JBoss Admin Console
  2. JBADMCON-172

CVE-2010-1871 still affects the Admin Console deployed in JBoss AS 5 and 6

This issue belongs to an archived project. You can view it, but you can't modify it. Learn more

    XMLWordPrintable

Details

    • Bug
    • Resolution: Won't Do
    • Major
    • None
    • 1.0 alpha, 1.1 alpha, 2.0 alpha
    • General Console
    • Hide

      To reproduce, you can follow this post: http://blog.o0o.nu/2010/07/cve-2010-1871-jboss-seam-framework.html

      With a functionnal exploit, a attacker could execute arbitrary java code and take the underlying operating system under control by exploiting the login page (without knowing any user account). Here is a successful exploitation for JBoss AS 6.1.0 Final:

      $ ./CVE-2010-1871-jboss-seam.py http://localhost:8080/admin-console/login.seam 'uname -an'
      -----------------------------------------------------------------

      CVE-2010-1871: SEAM framework remote command execution

      -----------------------------------------------------------------

      [!] Checking vulnerability...
      [+] Target is vulnerable.
      [!] Executing system command: 'uname -an'

      Linux test 3.2.0-4-amd64 #1 SMP Debian 3.2.32-1 x86_64 GNU/Linux

      Show
      To reproduce, you can follow this post: http://blog.o0o.nu/2010/07/cve-2010-1871-jboss-seam-framework.html With a functionnal exploit, a attacker could execute arbitrary java code and take the underlying operating system under control by exploiting the login page (without knowing any user account). Here is a successful exploitation for JBoss AS 6.1.0 Final: $ ./CVE-2010-1871-jboss-seam.py http://localhost:8080/admin-console/login.seam 'uname -an' ----------------------------------------------------------------- CVE-2010-1871: SEAM framework remote command execution ----------------------------------------------------------------- [!] Checking vulnerability... [+] Target is vulnerable. [!] Executing system command: 'uname -an' Linux test 3.2.0-4-amd64 #1 SMP Debian 3.2.32-1 x86_64 GNU/Linux
    • Workaround Exists
    • Hide

      Upgrade to the latest version of the SEAM framework.

      Show
      Upgrade to the latest version of the SEAM framework.

    Description

      The version of the SEAM framework used by the Admin Console in JBoss AS 5 and 6 is still affected by the CVE-2010-1871. (The Red Hat version is already patched).

      This vulnerability allows pre-authentication remote code execution and functional public exploits exist.

      For more details about this issue:

      Attachments

        Activity

          People

            Unassigned Unassigned
            draun Renaud Dubourguais (Inactive)
            Archiver:
            rhn-support-adandapa Aitik Dandapat

            Dates

              Created:
              Updated:
              Resolved:
              Archived:

              PagerDuty