Seam potential vulnerability at /seam/resource/web
Issue
When an application uses seam-ui module (has jboss-seam-ui.jar as dependency) then parts of the internal implementation can be acquired just by accessing the website.
If path #{app_context}/seam/resource/web is accessed, then archive with Seam classes is downloaded.
Environment
- Seam 2
- JBoss Enterprise Application Platform (EAP) 5.x < 5.3
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.