Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:INFO-LEAK:REDHAT-JBOSS |
|---|---|
Severity |
Minor |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Red Hat JBoss Seam InterfaceGenerator Information Disclosure |
Release Date |
2014/02/13 |
Update Number |
2345 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: Red Hat JBoss Seam InterfaceGenerator Information Disclosure
This signature detects attempts to exploit a known vulnerability in Red Hat JBoss. This is due to a design flaw in the InterfaceGenerator handler that allows it to expose details of all classes on the server's classpath. A remote unauthenticated attacker may exploit this vulnerability on a web application powered by the JBoss Seam Framework to determine which classes are deployed on the server.
Extended Description
The InterfaceGenerator handler in JBoss Seam Remoting in JBoss Seam 2 framework 2.3.1 and earlier, as used in JBoss Web Framework Kit, allows remote attackers to bypass the WebRemote annotation restriction and obtain information about arbitrary classes and methods on the server classpath via unspecified vectors.
Affected Products
- Redhat jboss_seam_2_framework 2.0.0
- Redhat jboss_seam_2_framework 2.0.1
- Redhat jboss_seam_2_framework 2.0.2
- Redhat jboss_seam_2_framework 2.0.3
- Redhat jboss_seam_2_framework 2.1.0
- Redhat jboss_seam_2_framework 2.1.1
- Redhat jboss_seam_2_framework 2.1.2
- Redhat jboss_seam_2_framework 2.2.0
- Redhat jboss_seam_2_framework 2.2.1
- Redhat jboss_seam_2_framework 2.2.2
- Redhat jboss_seam_2_framework 2.3.0
- Redhat jboss_seam_2_framework 2.3.1
References
- BugTraq: 65049
- CVE: CVE-2013-6448