JBoss Seam 2 Framework actionOutcome Remote Code Execution Exploit

An input sanitization flaw was found in the way JBoss Seam processes certain parameterized JBoss Expression Language (EL) expressions. A remote unauthenticated attacker could use this flaw to execute arbitrary code via GET requests, containing specially-crafted expression language parameters, provided to web applications based on the JBoss Seam framework. This module exploits the vulnerability in any web application based on vulnerable versions of the Seam 2 framework.
Vulnerabilty ID: 
Released Date: 
Thursday, September 23, 2010 - 19:00