CVE-2013-6448

The InterfaceGenerator handler in JBoss Seam Remoting in JBoss Seam 2 framework 2.3.1 and earlier, as used in JBoss Web Framework Kit, allows remote attackers to bypass the WebRemote annotation restriction and obtain information about arbitrary classes and methods on the server classpath via unspecified vectors.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://rhn.redhat.com/errata/RHSA-2014-0045.html	Vendor Advisory
http://secunia.com/advisories/56572	Vendor Advisory
http://www.securitytracker.com/id/1029652
https://bugzilla.redhat.com/show_bug.cgi?id=1044794	Patch Vendor Advisory
https://github.com/seam2/jboss-seam/commit/090aa6252affc978a96c388e3fc2c1c2688d9bb5
http://rhn.redhat.com/errata/RHSA-2014-0045.html	Vendor Advisory
http://secunia.com/advisories/56572	Vendor Advisory
http://www.securitytracker.com/id/1029652
https://bugzilla.redhat.com/show_bug.cgi?id=1044794	Patch Vendor Advisory
https://github.com/seam2/jboss-seam/commit/090aa6252affc978a96c388e3fc2c1c2688d9bb5

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:redhat:jboss_seam_2_framework::::::::
	cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.0:beta1::::::
	cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.0:cr1::::::
	cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.0:cr2::::::
	cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.0:cr3::::::
	cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.0:ga::::::
	cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.1:cr1::::::
	cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.1:cr2::::::
	cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.1:ga::::::
	cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.2:cr1::::::
	cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.2:cr2::::::
	cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.2:ga::::::
	cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.2:sp1::::::
	cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.3:cr1::::::
	cpe:2.3:a:redhat:jboss_seam_2_framework:2.1.0:alpha1::::::
	cpe:2.3:a:redhat:jboss_seam_2_framework:2.1.0:beta1::::::
	cpe:2.3:a:redhat:jboss_seam_2_framework:2.1.0:cr1::::::
	cpe:2.3:a:redhat:jboss_seam_2_framework:2.1.0:ga::::::
	cpe:2.3:a:redhat:jboss_seam_2_framework:2.1.0:sp1::::::
	cpe:2.3:a:redhat:jboss_seam_2_framework:2.1.1:cr1::::::
	cpe:2.3:a:redhat:jboss_seam_2_framework:2.1.1:cr2::::::
	cpe:2.3:a:redhat:jboss_seam_2_framework:2.1.1:ga::::::
	cpe:2.3:a:redhat:jboss_seam_2_framework:2.1.2:::::::*
	cpe:2.3:a:redhat:jboss_seam_2_framework:2.1.2:cr1::::::
	cpe:2.3:a:redhat:jboss_seam_2_framework:2.1.2:cr2::::::
	cpe:2.3:a:redhat:jboss_seam_2_framework:2.2.0:cr1::::::
	cpe:2.3:a:redhat:jboss_seam_2_framework:2.2.0:ga::::::
	cpe:2.3:a:redhat:jboss_seam_2_framework:2.2.1:::::::*
	cpe:2.3:a:redhat:jboss_seam_2_framework:2.2.1:cr1::::::
	cpe:2.3:a:redhat:jboss_seam_2_framework:2.2.1:cr2::::::
	cpe:2.3:a:redhat:jboss_seam_2_framework:2.2.1:cr3::::::
	cpe:2.3:a:redhat:jboss_seam_2_framework:2.2.2:::::::*
	cpe:2.3:a:redhat:jboss_seam_2_framework:2.3.0:::::::*
	cpe:2.3:a:redhat:jboss_seam_2_framework:2.3.0:alpha::::::
	cpe:2.3:a:redhat:jboss_seam_2_framework:2.3.0:beta1::::::
	cpe:2.3:a:redhat:jboss_seam_2_framework:2.3.0:beta2::::::
	cpe:2.3:a:redhat:jboss_seam_2_framework:2.3.0:cr1::::::
	cpe:2.3:a:redhat:jboss_seam_2_framework:2.3.1:cr1::::::

History

21 Nov 2024, 01:59

Type	Values Removed	Values Added
References	~~() http://rhn.redhat.com/errata/RHSA-2014-0045.html - Vendor Advisory~~	() http://rhn.redhat.com/errata/RHSA-2014-0045.html - Vendor Advisory
References	~~() http://secunia.com/advisories/56572 - Vendor Advisory~~	() http://secunia.com/advisories/56572 - Vendor Advisory
References	~~() http://www.securitytracker.com/id/1029652 -~~	() http://www.securitytracker.com/id/1029652 -
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=1044794 - Patch, Vendor Advisory~~	() https://bugzilla.redhat.com/show_bug.cgi?id=1044794 - Patch, Vendor Advisory
References	~~() https://github.com/seam2/jboss-seam/commit/090aa6252affc978a96c388e3fc2c1c2688d9bb5 -~~	() https://github.com/seam2/jboss-seam/commit/090aa6252affc978a96c388e3fc2c1c2688d9bb5 -

Information

Published : 2014-01-23 00:55

Updated : 2025-04-11 00:51

NVD link : CVE-2013-6448

Mitre link : CVE-2013-6448

CVE.ORG link : CVE-2013-6448

JSON object : View

Products Affected

redhat

jboss_seam_2_framework

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2013-6448", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-01-23T00:55:03.380", "references": [{"url": "http://rhn.redhat.com/errata/RHSA-2014-0045.html", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/56572", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.securitytracker.com/id/1029652", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1044794", "tags": ["Patch", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://github.com/seam2/jboss-seam/commit/090aa6252affc978a96c388e3fc2c1c2688d9bb5", "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2014-0045.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/56572", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id/1029652", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1044794", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/seam2/jboss-seam/commit/090aa6252affc978a96c388e3fc2c1c2688d9bb5", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "The InterfaceGenerator handler in JBoss Seam Remoting in JBoss Seam 2 framework 2.3.1 and earlier, as used in JBoss Web Framework Kit, allows remote attackers to bypass the WebRemote annotation restriction and obtain information about arbitrary classes and methods on the server classpath via unspecified vectors."}, {"lang": "es", "value": "El manejador InterfaceGenerator en JBoss Seam Remoting en JBoss Seam 2 framework 2.3.1 y anteriores versiones, tal como se usa en JBoss Web Framework Kit, permite a atacantes remotos evadir la restricci\u00f3n de anotaci\u00f3n de WebRemote y obtener informaci\u00f3n sobre clases y m\u00e9todos arbitrarios en el servidor classpath a trav\u00e9s de vectores no especificados."}], "lastModified": "2025-04-11T00:51:21.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:jboss_seam_2_framework:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D364080C-85B8-46A0-B5C7-1590DAF98320", "versionEndIncluding": "2.3.1"}, {"criteria": "cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.0:beta1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4664C66E-3F4B-471E-AAC9-276834A55499"}, {"criteria": "cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.0:cr1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "43CACD28-B9A3-46D5-BA99-AA578F51D693"}, {"criteria": "cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.0:cr2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1A4951C4-8941-4A7F-B742-B50A812CC4B5"}, {"criteria": "cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.0:cr3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1A83D0E2-C724-47D1-9A98-7ACADA8810DA"}, {"criteria": "cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.0:ga:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "56B7E191-8A62-4BDE-90A4-192BA5696A39"}, {"criteria": "cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.1:cr1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4A027797-81BC-4826-BBCC-C5EAEAB3E503"}, {"criteria": "cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.1:cr2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "67F9B8C2-D2BE-4B4A-829C-528EC716C3FF"}, {"criteria": "cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.1:ga:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D38126DF-747B-4892-9B63-E7E35F98C760"}, {"criteria": "cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.2:cr1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ECD78557-9403-496D-8512-FA693E291164"}, {"criteria": "cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.2:cr2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CB076878-0465-44C7-AE59-C9584B3CEE1F"}, {"criteria": "cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.2:ga:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F682D85A-5B8C-4F83-BABD-9D28775C3776"}, {"criteria": "cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.2:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "43DA16B0-8E35-444D-B0BC-6774BBEC9E49"}, {"criteria": "cpe:2.3:a:redhat:jboss_seam_2_framework:2.0.3:cr1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D249483C-D9F2-474F-9DDD-775CA573A642"}, {"criteria": "cpe:2.3:a:redhat:jboss_seam_2_framework:2.1.0:alpha1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C5BD9104-7BE9-420F-8DB2-C07748941254"}, {"criteria": "cpe:2.3:a:redhat:jboss_seam_2_framework:2.1.0:beta1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A6513765-FEB9-4D7E-AE29-E479707AED02"}, {"criteria": "cpe:2.3:a:redhat:jboss_seam_2_framework:2.1.0:cr1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "42291710-D8D1-4C77-8A62-E0B80BA3D5AB"}, {"criteria": "cpe:2.3:a:redhat:jboss_seam_2_framework:2.1.0:ga:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0BBFD756-FF7B-4163-9924-CC922A7EA1AF"}, {"criteria": "cpe:2.3:a:redhat:jboss_seam_2_framework:2.1.0:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "226579DC-5DFE-4778-9871-4137B556D3A3"}, {"criteria": "cpe:2.3:a:redhat:jboss_seam_2_framework:2.1.1:cr1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CB03E6D7-1A07-49EB-AB21-E136132BDF1E"}, {"criteria": "cpe:2.3:a:redhat:jboss_seam_2_framework:2.1.1:cr2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "68FE6392-8774-4534-8903-BE9154FE2795"}, {"criteria": "cpe:2.3:a:redhat:jboss_seam_2_framework:2.1.1:ga:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9F98F783-0AB2-41BE-8B07-D62438824541"}, {"criteria": "cpe:2.3:a:redhat:jboss_seam_2_framework:2.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7A206D39-DBF9-4B14-8703-9081682A1EEE"}, {"criteria": "cpe:2.3:a:redhat:jboss_seam_2_framework:2.1.2:cr1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "32B2FE67-27F7-4BF7-A78A-0A5FAAADFE20"}, {"criteria": "cpe:2.3:a:redhat:jboss_seam_2_framework:2.1.2:cr2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1371416C-30C8-47A6-8A0C-F4E37875BE8F"}, {"criteria": "cpe:2.3:a:redhat:jboss_seam_2_framework:2.2.0:cr1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CA790538-865A-4249-B6F9-F0CEC5818E57"}, {"criteria": "cpe:2.3:a:redhat:jboss_seam_2_framework:2.2.0:ga:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "62AB605C-3102-4425-A563-817445B2F187"}, {"criteria": "cpe:2.3:a:redhat:jboss_seam_2_framework:2.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0E6F5051-BF57-44EA-942F-9E74A06D8B45"}, {"criteria": "cpe:2.3:a:redhat:jboss_seam_2_framework:2.2.1:cr1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0FD6DFE0-4FC8-4311-A724-666AA48A64C5"}, {"criteria": "cpe:2.3:a:redhat:jboss_seam_2_framework:2.2.1:cr2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB833625-4D55-4BFE-A05C-5650D342C461"}, {"criteria": "cpe:2.3:a:redhat:jboss_seam_2_framework:2.2.1:cr3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CB5F7791-FC8F-4E6C-B14D-A31D69086895"}, {"criteria": "cpe:2.3:a:redhat:jboss_seam_2_framework:2.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A42F5033-9365-44D7-8B42-A6367456ED8F"}, {"criteria": "cpe:2.3:a:redhat:jboss_seam_2_framework:2.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "04C1DC31-7337-4C24-9DA0-A79D0D442D5A"}, {"criteria": "cpe:2.3:a:redhat:jboss_seam_2_framework:2.3.0:alpha:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7376B2C4-542E-42CE-9970-749B78A30571"}, {"criteria": "cpe:2.3:a:redhat:jboss_seam_2_framework:2.3.0:beta1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "73C2733D-BA18-4E56-9E08-9F334C7DAAF5"}, {"criteria": "cpe:2.3:a:redhat:jboss_seam_2_framework:2.3.0:beta2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AFFFDD3E-CBEC-461B-80D8-45EBD04CAE09"}, {"criteria": "cpe:2.3:a:redhat:jboss_seam_2_framework:2.3.0:cr1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A5608CA4-7E53-471E-BCD3-F8EA13839557"}, {"criteria": "cpe:2.3:a:redhat:jboss_seam_2_framework:2.3.1:cr1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "24546C35-AAEF-40DE-889A-8AA50D25968C"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}

5.0 /10