CVE-2013-6447

Name of the Vulnerable Software and Affected Versions JBoss Seam 2 framework versions 2.3.1 and earlier

Description The issue concerns Multiple XML External Entity (XXE) vulnerabilities in certain classes of JBoss Seam Remoting. These vulnerabilities allow remote attackers to read arbitrary files and possibly have other impacts via a crafted XML file. The affected classes include ExecutionHandler, PollHandler, and SubscriptionHandler.

Recommendations For JBoss Seam 2 framework versions 2.3.1 and earlier, consider updating to a version that addresses these XXE vulnerabilities. As a temporary workaround, restrict access to the ExecutionHandler, PollHandler, and SubscriptionHandler classes to minimize the risk of exploitation. Avoid processing crafted XML files until the issue is resolved.