CVE-2007-6433

The getRenderedEjbql method in the org.jboss.seam.framework.Query class in JBoss Seam 2.x before 2.0.0.CR3 allows remote attackers to inject and execute arbitrary EJBQL commands via the order parameter.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://jira.jboss.com/jira/browse/JBSEAM-2084	Exploit
http://sourceforge.net/project/shownotes.php?release_id=549490&group_id=22866
http://secunia.com/advisories/28077	Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2008-0158.html
http://www.redhat.com/support/errata/RHSA-2008-0151.html
http://www.redhat.com/support/errata/RHSA-2008-0213.html
http://www.securityfocus.com/bid/26850
http://osvdb.org/42631
http://www.vupen.com/english/advisories/2007/4215

Configurations

Configuration 1 (hide)

cpe:2.3:a:jboss:seam:*:cr2:*:*:*:*:*:*

Information

Published : 2007-12-18 12:46

Updated : 2011-03-07 19:02

NVD link : CVE-2007-6433

Mitre link : CVE-2007-6433

JSON object : View

CWE

CWE-20

Improper Input Validation

Products Affected

jboss

seam

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://jira.jboss.com/jira/browse/JBSEAM-2084", "name": "http://jira.jboss.com/jira/browse/JBSEAM-2084", "tags": ["Exploit"], "refsource": "CONFIRM"}, {"url": "http://sourceforge.net/project/shownotes.php?release_id=549490&group_id=22866", "name": "http://sourceforge.net/project/shownotes.php?release_id=549490&group_id=22866", "tags": [], "refsource": "CONFIRM"}, {"url": "http://secunia.com/advisories/28077", "name": "28077", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.redhat.com/support/errata/RHSA-2008-0158.html", "name": "RHSA-2008:0158", "tags": [], "refsource": "REDHAT"}, {"url": "http://www.redhat.com/support/errata/RHSA-2008-0151.html", "name": "RHSA-2008:0151", "tags": [], "refsource": "REDHAT"}, {"url": "http://www.redhat.com/support/errata/RHSA-2008-0213.html", "name": "RHSA-2008:0213", "tags": [], "refsource": "REDHAT"}, {"url": "http://www.securityfocus.com/bid/26850", "name": "26850", "tags": [], "refsource": "BID"}, {"url": "http://osvdb.org/42631", "name": "42631", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.vupen.com/english/advisories/2007/4215", "name": "ADV-2007-4215", "tags": [], "refsource": "VUPEN"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The getRenderedEjbql method in the org.jboss.seam.framework.Query class in JBoss Seam 2.x before 2.0.0.CR3 allows remote attackers to inject and execute arbitrary EJBQL commands via the order parameter."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-20"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2007-6433", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2007-12-18T20:46Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:jboss:seam:*:cr2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "2.0.0"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2011-03-08T03:02Z"}

7.5 /10