Vulnerabilities > Redhat > Jboss Enterprise Application Platform > High

DATE CVE VULNERABILITY TITLE RISK
2010-08-05 CVE-2010-1871 Expression Language Injection vulnerability in multiple products
JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize inputs for JBoss Expression Language (EL) expressions, which allows remote attackers to execute arbitrary code via a crafted URL.
network
low complexity
redhat netapp CWE-917
8.8
2010-04-28 CVE-2010-1428 Unspecified vulnerability in Redhat Jboss Enterprise Application Platform 4.2.0/4.3.0
The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to obtain sensitive information via an unspecified request that uses a different method.
network
low complexity
redhat
7.5