Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2013-6448

The InterfaceGenerator handler in JBoss Seam Remoting in JBoss Seam 2 framework 2.3.1 and earlier, as used in JBoss Web Framework Kit, allows remote attackers to bypass the WebRemote annotation restriction and obtain information about arbitrary classes and methods on the server classpath via unspecified vectors.

Published

2014-01-23T00:55:03.380

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 5.0 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-264

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	redhat	jboss_seam_2_framework	≤ 2.3.1	Yes
Application	redhat	jboss_seam_2_framework	2.0.0	Yes
Application	redhat	jboss_seam_2_framework	2.0.0	Yes
Application	redhat	jboss_seam_2_framework	2.0.0	Yes
Application	redhat	jboss_seam_2_framework	2.0.0	Yes
Application	redhat	jboss_seam_2_framework	2.0.0	Yes
Application	redhat	jboss_seam_2_framework	2.0.1	Yes
Application	redhat	jboss_seam_2_framework	2.0.1	Yes
Application	redhat	jboss_seam_2_framework	2.0.1	Yes
Application	redhat	jboss_seam_2_framework	2.0.2	Yes
Application	redhat	jboss_seam_2_framework	2.0.2	Yes
Application	redhat	jboss_seam_2_framework	2.0.2	Yes
Application	redhat	jboss_seam_2_framework	2.0.2	Yes
Application	redhat	jboss_seam_2_framework	2.0.3	Yes
Application	redhat	jboss_seam_2_framework	2.1.0	Yes
Application	redhat	jboss_seam_2_framework	2.1.0	Yes
Application	redhat	jboss_seam_2_framework	2.1.0	Yes
Application	redhat	jboss_seam_2_framework	2.1.0	Yes
Application	redhat	jboss_seam_2_framework	2.1.0	Yes
Application	redhat	jboss_seam_2_framework	2.1.1	Yes
Application	redhat	jboss_seam_2_framework	2.1.1	Yes
Application	redhat	jboss_seam_2_framework	2.1.1	Yes
Application	redhat	jboss_seam_2_framework	2.1.2	Yes
Application	redhat	jboss_seam_2_framework	2.1.2	Yes
Application	redhat	jboss_seam_2_framework	2.1.2	Yes
Application	redhat	jboss_seam_2_framework	2.2.0	Yes
Application	redhat	jboss_seam_2_framework	2.2.0	Yes
Application	redhat	jboss_seam_2_framework	2.2.1	Yes
Application	redhat	jboss_seam_2_framework	2.2.1	Yes
Application	redhat	jboss_seam_2_framework	2.2.1	Yes
Application	redhat	jboss_seam_2_framework	2.2.1	Yes
Application	redhat	jboss_seam_2_framework	2.2.2	Yes
Application	redhat	jboss_seam_2_framework	2.3.0	Yes
Application	redhat	jboss_seam_2_framework	2.3.0	Yes
Application	redhat	jboss_seam_2_framework	2.3.0	Yes
Application	redhat	jboss_seam_2_framework	2.3.0	Yes
Application	redhat	jboss_seam_2_framework	2.3.0	Yes
Application	redhat	jboss_seam_2_framework	2.3.1	Yes

References

http://rhn.redhat.com/errata/RHSA-2014-0045.html Vendor Advisory ([email protected])
http://secunia.com/advisories/56572 Vendor Advisory ([email protected])
http://www.securitytracker.com/id/1029652 ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=1044794 Patch, Vendor Advisory ([email protected])
https://github.com/seam2/jboss-seam/commit/090aa6252affc978a96c388e3fc2c1c2688d9bb5 ([email protected])
http://rhn.redhat.com/errata/RHSA-2014-0045.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/56572 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1029652 (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=1044794 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/seam2/jboss-seam/commit/090aa6252affc978a96c388e3fc2c1c2688d9bb5 (af854a3a-2127-422b-91ae-364da2661108)