PT-2014-3121 · Red Hat · Jboss Seam 2
Publicado
2014-01-23
·
Atualizado
2014-01-23
·
CVE-2013-6448
CVSS v2.0
5.0
Média
| Vetor | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
JBoss Seam 2 framework versions 2.3.1 and earlier
Description
The issue allows remote attackers to bypass the WebRemote annotation restriction and obtain information about arbitrary classes and methods on the server classpath.
Recommendations
For JBoss Seam 2 framework versions 2.3.1 and earlier, consider restricting access to the InterfaceGenerator handler as a temporary workaround until a patch is available.
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Jboss Seam 2