{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-01-20T00:00:00", "descriptions": [{"lang": "en", "value": "The InterfaceGenerator handler in JBoss Seam Remoting in JBoss Seam 2 framework 2.3.1 and earlier, as used in JBoss Web Framework Kit, allows remote attackers to bypass the WebRemote annotation restriction and obtain information about arbitrary classes and methods on the server classpath via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-01-22T23:57:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "1029652", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1029652"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/seam2/jboss-seam/commit/090aa6252affc978a96c388e3fc2c1c2688d9bb5"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1044794"}, {"name": "56572", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/56572"}, {"name": "RHSA-2014:0045", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0045.html"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T17:39:01.443Z"}, "title": "CVE Program Container", "references": [{"name": "1029652", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1029652"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/seam2/jboss-seam/commit/090aa6252affc978a96c388e3fc2c1c2688d9bb5"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1044794"}, {"name": "56572", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/56572"}, {"name": "RHSA-2014:0045", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0045.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-6448", "datePublished": "2014-01-23T00:00:00", "dateReserved": "2013-11-04T00:00:00", "dateUpdated": "2024-08-06T17:39:01.443Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:jboss_seam_2_framework:*:*:*:*:*:*:*:*", "matchCriteriaId": "D364080C-85B8-46A0-B5C7-1590DAF98320", "versionEndIncluding": "2.3.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "4664C66E-3F4B-471E-AAC9-276834A55499", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.0:cr1:*:*:*:*:*:*", "matchCriteriaId": "43CACD28-B9A3-46D5-BA99-AA578F51D693", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.0:cr2:*:*:*:*:*:*", "matchCriteriaId": "1A4951C4-8941-4A7F-B742-B50A812CC4B5", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.0:cr3:*:*:*:*:*:*", "matchCriteriaId": "1A83D0E2-C724-47D1-9A98-7ACADA8810DA", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.0:ga:*:*:*:*:*:*", "matchCriteriaId": "56B7E191-8A62-4BDE-90A4-192BA5696A39", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.1:cr1:*:*:*:*:*:*", "matchCriteriaId": "4A027797-81BC-4826-BBCC-C5EAEAB3E503", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.1:cr2:*:*:*:*:*:*", "matchCriteriaId": "67F9B8C2-D2BE-4B4A-829C-528EC716C3FF", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.1:ga:*:*:*:*:*:*", "matchCriteriaId": "D38126DF-747B-4892-9B63-E7E35F98C760", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.2:cr1:*:*:*:*:*:*", "matchCriteriaId": "ECD78557-9403-496D-8512-FA693E291164", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.2:cr2:*:*:*:*:*:*", "matchCriteriaId": "CB076878-0465-44C7-AE59-C9584B3CEE1F", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.2:ga:*:*:*:*:*:*", "matchCriteriaId": "F682D85A-5B8C-4F83-BABD-9D28775C3776", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.2:sp1:*:*:*:*:*:*", "matchCriteriaId": "43DA16B0-8E35-444D-B0BC-6774BBEC9E49", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.3:cr1:*:*:*:*:*:*", "matchCriteriaId": "D249483C-D9F2-474F-9DDD-775CA573A642", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_seam_2_framework:2.1.0:alpha1:*:*:*:*:*:*", "matchCriteriaId": "C5BD9104-7BE9-420F-8DB2-C07748941254", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_seam_2_framework:2.1.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "A6513765-FEB9-4D7E-AE29-E479707AED02", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_seam_2_framework:2.1.0:cr1:*:*:*:*:*:*", "matchCriteriaId": "42291710-D8D1-4C77-8A62-E0B80BA3D5AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_seam_2_framework:2.1.0:ga:*:*:*:*:*:*", "matchCriteriaId": "0BBFD756-FF7B-4163-9924-CC922A7EA1AF", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_seam_2_framework:2.1.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "226579DC-5DFE-4778-9871-4137B556D3A3", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_seam_2_framework:2.1.1:cr1:*:*:*:*:*:*", "matchCriteriaId": "CB03E6D7-1A07-49EB-AB21-E136132BDF1E", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_seam_2_framework:2.1.1:cr2:*:*:*:*:*:*", "matchCriteriaId": "68FE6392-8774-4534-8903-BE9154FE2795", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_seam_2_framework:2.1.1:ga:*:*:*:*:*:*", "matchCriteriaId": "9F98F783-0AB2-41BE-8B07-D62438824541", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_seam_2_framework:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "7A206D39-DBF9-4B14-8703-9081682A1EEE", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_seam_2_framework:2.1.2:cr1:*:*:*:*:*:*", "matchCriteriaId": "32B2FE67-27F7-4BF7-A78A-0A5FAAADFE20", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_seam_2_framework:2.1.2:cr2:*:*:*:*:*:*", "matchCriteriaId": "1371416C-30C8-47A6-8A0C-F4E37875BE8F", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_seam_2_framework:2.2.0:cr1:*:*:*:*:*:*", "matchCriteriaId": "CA790538-865A-4249-B6F9-F0CEC5818E57", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_seam_2_framework:2.2.0:ga:*:*:*:*:*:*", "matchCriteriaId": "62AB605C-3102-4425-A563-817445B2F187", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_seam_2_framework:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "0E6F5051-BF57-44EA-942F-9E74A06D8B45", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_seam_2_framework:2.2.1:cr1:*:*:*:*:*:*", "matchCriteriaId": "0FD6DFE0-4FC8-4311-A724-666AA48A64C5", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_seam_2_framework:2.2.1:cr2:*:*:*:*:*:*", "matchCriteriaId": "EB833625-4D55-4BFE-A05C-5650D342C461", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_seam_2_framework:2.2.1:cr3:*:*:*:*:*:*", "matchCriteriaId": "CB5F7791-FC8F-4E6C-B14D-A31D69086895", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_seam_2_framework:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "A42F5033-9365-44D7-8B42-A6367456ED8F", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_seam_2_framework:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "04C1DC31-7337-4C24-9DA0-A79D0D442D5A", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_seam_2_framework:2.3.0:alpha:*:*:*:*:*:*", "matchCriteriaId": "7376B2C4-542E-42CE-9970-749B78A30571", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_seam_2_framework:2.3.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "73C2733D-BA18-4E56-9E08-9F334C7DAAF5", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_seam_2_framework:2.3.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "AFFFDD3E-CBEC-461B-80D8-45EBD04CAE09", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_seam_2_framework:2.3.0:cr1:*:*:*:*:*:*", "matchCriteriaId": "A5608CA4-7E53-471E-BCD3-F8EA13839557", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_seam_2_framework:2.3.1:cr1:*:*:*:*:*:*", "matchCriteriaId": "24546C35-AAEF-40DE-889A-8AA50D25968C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The InterfaceGenerator handler in JBoss Seam Remoting in JBoss Seam 2 framework 2.3.1 and earlier, as used in JBoss Web Framework Kit, allows remote attackers to bypass the WebRemote annotation restriction and obtain information about arbitrary classes and methods on the server classpath via unspecified vectors."}, {"lang": "es", "value": "El manejador InterfaceGenerator en JBoss Seam Remoting en JBoss Seam 2 framework 2.3.1 y anteriores versiones, tal como se usa en JBoss Web Framework Kit, permite a atacantes remotos evadir la restricci\u00f3n de anotaci\u00f3n de WebRemote y obtener informaci\u00f3n sobre clases y m\u00e9todos arbitrarios en el servidor classpath a trav\u00e9s de vectores no especificados."}], "id": "CVE-2013-6448", "lastModified": "2014-01-23T18:17:27.057", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-01-23T00:55:03.380", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0045.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/56572"}, {"source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id/1029652"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1044794"}, {"source": "secalert@redhat.com", "url": "https://github.com/seam2/jboss-seam/commit/090aa6252affc978a96c388e3fc2c1c2688d9bb5"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Jon Passki (Coverity SRL) for reporting this issue.", "affected_release": [{"advisory": "RHSA-2014:0045", "cpe": "cpe:/a:redhat:jboss_enterprise_web_framework:2.4.0", "package": "Seam", "product_name": "Red Hat JBoss Web Framework Kit 2.4", "release_date": "2014-01-20T00:00:00Z"}], "bugzilla": {"description": "Seam: Information disclosure in remoting", "id": "1044794", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1044794"}, "csaw": false, "cvss": {"cvss_base_score": "5.0", "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "status": "verified"}, "cwe": "CWE-200", "details": ["The InterfaceGenerator handler in JBoss Seam Remoting in JBoss Seam 2 framework 2.3.1 and earlier, as used in JBoss Web Framework Kit, allows remote attackers to bypass the WebRemote annotation restriction and obtain information about arbitrary classes and methods on the server classpath via unspecified vectors."], "name": "CVE-2013-6448", "package_state": [{"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:5", "fix_state": "Affected", "package_name": "seam", "product_name": "Red Hat JBoss Enterprise Application Platform 5"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1", "fix_state": "Affected", "package_name": "ewp-5", "product_name": "Red Hat JBoss Enterprise Web Server 1"}], "public_date": "2014-01-20T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2013-6448\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-6448"], "statement": "Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 4 and 5; Red Hat JBoss Enterprise Portal Platform 5; Red Hat JBoss Enterprise SOA Platform 4 and 5; and Red Hat JBoss Enterprise Web Platform 5 are now in Phase 3, Extended Life Support, of their respective life cycles. This issue has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat JBoss Middleware and Red Hat JBoss Operations Network Product Update and Support Policy: https://access.redhat.com/support/policy/updates/jboss_notes/", "threat_severity": "Low"}