PT-2010-1176 · Red Hat · Jboss Seam 2+1

Meder Kydyraliev · Published 2010-08-04 · Updated 2025-02-10 · CVE-2010-1871

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: JBoss Seam 2 versions 2.0 through 2.3; JBoss Enterprise Application Platform version 4.3.0

Description: The issue stems from improper sanitization of input used in JBoss Expression Language (EL) expressions in JBoss Seam 2, which remote attackers can exploit to execute arbitrary code via a crafted URL. This is only considered a vulnerability when the Java Security Manager is not properly configured.

Recommendations: For JBoss Seam 2 versions 2.0 through 2.3, ensure the Java Security Manager is properly configured to mitigate the risk of exploitation. For JBoss Enterprise Application Platform version 4.3.0, consider implementing additional security measures to restrict access to vulnerable components until the Java Security Manager can be properly configured.

Tags: Exploit · Fix · RCE

Weakness Enumeration

Related Identifiers

BDU:2022-04006
CVE-2010-1871
RHSA-2010:0564

Affected Products

Red Hat Jboss Enterprise Application Platform
Jboss Seam 2