The getRenderedEjbql method in the org.jboss.seam.framework.Query class in JBoss Seam 2.x before 2.0.0.CR3 allows remote attackers to inject and execute arbitrary EJBQL commands via the order parameter.
References
Configurations
History
21 Nov 2024, 00:40
Type | Values Removed | Values Added |
---|---|---|
References | () http://jira.jboss.com/jira/browse/JBSEAM-2084 - Exploit | |
References | () http://osvdb.org/42631 - | |
References | () http://secunia.com/advisories/28077 - Vendor Advisory | |
References | () http://sourceforge.net/project/shownotes.php?release_id=549490&group_id=22866 - | |
References | () http://www.redhat.com/support/errata/RHSA-2008-0151.html - | |
References | () http://www.redhat.com/support/errata/RHSA-2008-0158.html - | |
References | () http://www.redhat.com/support/errata/RHSA-2008-0213.html - | |
References | () http://www.securityfocus.com/bid/26850 - | |
References | () http://www.vupen.com/english/advisories/2007/4215 - |
Information
Published : 2007-12-18 20:46
Updated : 2024-11-21 00:40
NVD link : CVE-2007-6433
Mitre link : CVE-2007-6433
CVE.ORG link : CVE-2007-6433
JSON object : View
Products Affected
jboss
- seam
CWE
CWE-20
Improper Input Validation