JBoss Seam 2 Framework actionOutcome Remote Code Execution Exploit

An input sanitization flaw was found in the way JBoss Seam processes certain parameterized JBoss Expression Language (EL) expressions. A remote unauthenticated attacker could use this flaw to execute arbitrary code by sending GET requests containing specially crafted expression language parameters to web applications based on the JBoss Seam framework. This module exploits the vulnerability in any web application based on vulnerable versions of the Seam 2 framework.
Platform: 
Vulnerability ID: 
CVE-2010-1871
Product Version: 
10.5
Released Date: 
Friday, September 24, 2010 - 00:00
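
One way to look for requests of the kind described above in web server access logs, as an added example that is not part of the original advisory or of the exploit module: it flags GET requests whose actionOutcome parameter contains an EL delimiter after percent-decoding. The combined log format, the .seam URLs and the function names are assumptions, and the sample lines are constructed.

```python
import re
from urllib.parse import parse_qsl, unquote_plus

# EL expressions are delimited by #{...} or ${...}.
EL_MARKER = re.compile(r"[#$]\{")
# Request line as it appears in a combined-format access log (assumed format).
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample lines: documentation address, placeholder expression.
SAMPLE_LOG = [
    '198.51.100.7 - - [24/Sep/2010:10:00:01 +0000] "GET /app/home.seam?actionOutcome=/home.xhtml HTTP/1.1" 200 512',
    '198.51.100.7 - - [24/Sep/2010:10:00:02 +0000] "GET /app/home.seam?actionOutcome=%23%7Bconstructed.placeholder%7D HTTP/1.1" 302 0',
    '198.51.100.7 - - [24/Sep/2010:10:00:03 +0000] "GET /app/home.seam?actionOutcome=%2523%257Bconstructed.placeholder%257D HTTP/1.1" 302 0',
    '198.51.100.7 - - [24/Sep/2010:10:00:04 +0000] "POST /app/home.seam?actionOutcome=%23%7Bconstructed.placeholder%7D HTTP/1.1" 200 10',
    '198.51.100.7 - - [24/Sep/2010:10:00:05 +0000] "GET /app/search.seam?q=%24%7Bprice%7D HTTP/1.1" 200 10',
]

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so that %2523%257B is seen as #{."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def el_params(target):
    """Return the names of query parameters whose decoded value contains EL."""
    # Split on the first "?" by hand so a raw "#" is not dropped as a fragment.
    query = target.partition("?")[2]
    return [name for name, value in parse_qsl(query, keep_blank_values=True)
            if EL_MARKER.search(fully_decode(value))]

def scan(lines, watched=("actionOutcome",)):
    """Return (line_number, parameter) for GET requests with EL in a watched parameter."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        # The advisory describes GET requests, so other methods are skipped here.
        if not match or match.group("method") != "GET":
            continue
        findings.extend((number, name) for name in el_params(match.group("target"))
                        if name in watched)
    return findings

if __name__ == "__main__":
    for number, name in scan(SAMPLE_LOG):
        print(f"line {number}: EL expression in parameter {name!r}")
```

A hit means the request carried an EL expression in the parameter, not that the application was vulnerable or that code ran; correlate with the Seam version in use and the server logs.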