CVE Database

CVE-2011-2730

Impact: Important
Public: 2011-09-09
Bugzilla: 737608: CVE-2011-2730 Spring Framework: Information (internal server information, classpath, local working directories, session IDs) disclosure

Details

The MITRE CVE dictionary describes this issue as:

VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language (EL), evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a (1) name attribute in a (a) spring:hasBindErrors tag; (2) path attribute in a (b) spring:bind or (c) spring:nestedpath tag; (3) arguments, (4) code, (5) text, (6) var, (7) scope, or (8) message attribute in a (d) spring:message or (e) spring:theme tag; or (9) var, (10) scope, or (11) value attribute in a (f) spring:transform tag, aka "Expression Language Injection."

Find out more about CVE-2011-2730 from the MITRE CVE dictionary and NIST NVD.
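The mechanism behind the MITRE description is a double evaluation: the JSP container first resolves EL in the tag attribute (for example `${param.msg}` becomes whatever the client sent), and the vulnerable Spring tag then evaluates the resulting string as EL a second time, so a request parameter whose value is itself an EL expression gets executed. The following Python is an added illustration written for this page, not code from Spring or Red Hat. It models both passes with a simplified `${...}` resolver over nested dictionaries (real EL exposes far more, including `pageContext`, `sessionScope` and `applicationScope`), and it scans a constructed JSP fragment for the tag attributes enumerated in the CVE text. The sample JSP, the request parameter and the session id are constructed for the example.

```python
import re

# Spring JSP tags and the attributes that CVE-2011-2730 lists as evaluated twice
# (once by the container's own EL, then again by the Spring tag). Tag names are
# keyed lowercase so the scanner matches spring:nestedPath as well as the
# lowercase spelling used in the CVE text.
DOUBLE_EVAL_SINKS = {
    "hasbinderrors": {"name"},
    "bind": {"path"},
    "nestedpath": {"path"},
    "message": {"arguments", "code", "text", "var", "scope", "message"},
    "theme": {"arguments", "code", "text", "var", "scope", "message"},
    "transform": {"var", "scope", "value"},
}

TAG_RE = re.compile(r"<spring:(\w+)\b([^>]*)>", re.IGNORECASE | re.DOTALL)
ATTR_RE = re.compile(r'(\w+)\s*=\s*"([^"]*)"')
EL_RE = re.compile(r"\$\{([^}]*)\}")  # simplified: ${...} only, no #{...} or operators


def find_double_eval_sinks(jsp_source):
    """Return (tag, attribute, value) for every sink attribute carrying a ${...} expression."""
    findings = []
    for tag_match in TAG_RE.finditer(jsp_source):
        sinks = DOUBLE_EVAL_SINKS.get(tag_match.group(1).lower())
        if not sinks:
            continue
        for name, value in ATTR_RE.findall(tag_match.group(2)):
            if name.lower() in sinks and EL_RE.search(value):
                findings.append(("spring:" + tag_match.group(1), name, value))
    return findings


def resolve(path, context):
    """Look up a dotted EL path such as 'param.msg' in nested dicts; '' when absent, as EL does."""
    current = context
    for part in path.strip().split("."):
        if not isinstance(current, dict) or part not in current:
            return ""
        current = current[part]
    return str(current)


def evaluate_el(text, context):
    """One EL pass: substitute each ${...}. The substituted text is NOT re-examined."""
    return EL_RE.sub(lambda m: resolve(m.group(1), context), text)


def render_attribute(attr_value, context, spring_reevaluates):
    """Model the attribute lifecycle: pass 1 is the container, pass 2 is the Spring tag."""
    once = evaluate_el(attr_value, context)
    if not spring_reevaluates:  # fixed behaviour: the container's single pass is final
        return once
    return evaluate_el(once, context)  # vulnerable behaviour: attacker text is evaluated as EL


# Constructed sample JSP; not taken from any real application.
SAMPLE_JSP = """\
<%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %>
<spring:message text="${param.msg}" />
<spring:message code="greeting.title" />
<spring:bind path="${param.field}">...</spring:bind>
<spring:nestedPath path="customer">...</spring:nestedPath>
<spring:transform value="${status.value}" var="out" />
<spring:hasBindErrors name="command">...</spring:hasBindErrors>
"""

# Constructed stand-in for what the container exposes to EL: the attacker's query
# parameter carries an EL expression as its value; the session id is made up.
SAMPLE_CONTEXT = {
    "param": {"msg": "${pageContext.session.id}"},
    "pageContext": {"session": {"id": "7F2C1B9E0A3D4E5F"}},
}


def demo():
    return {
        "sinks": find_double_eval_sinks(SAMPLE_JSP),
        "vulnerable": render_attribute("${param.msg}", SAMPLE_CONTEXT, spring_reevaluates=True),
        "fixed": render_attribute("${param.msg}", SAMPLE_CONTEXT, spring_reevaluates=False),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

With the second pass enabled, `${param.msg}` renders the session id; with it disabled, the attacker's string is rendered literally. Two points the scanner output makes visible: `spring:transform value="${status.value}"` is flagged even though it does not read `param` directly, because `status.value` is typically user-submitted form data and is just as attacker-controlled after the first pass; and tags whose sink attributes hold constants (`code="greeting.title"`) are not flagged, since there is nothing for the container's pass to substitute. When auditing a patched deployment, also check web.xml for the `springJspExpressionSupport` context parameter, which governs whether Spring's tags evaluate EL themselves; setting it to `true` reinstates the second pass that the fixed releases avoid.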

Statement

This flaw was originally reported as resulting in information disclosure only, and was therefore assessed as having low security impact. On this basis, it was planned that future updates to JBoss products may address this flaw. New research [0] has now shown that this flaw can lead to remote code execution. The security impact has been re-assessed as important, and Red Hat is now working on patches for all affected products.

[0] http://danamodio.com/application-security/discoveries/spring-remote-code-with-expression-language-injection/

CVSS v2 metrics

Base Score: 6.4
Base Metrics: AV:N/AC:L/Au:N/C:P/I:P/A:N
Access Vector: Network
Access Complexity: Low
Authentication: None
Confidentiality Impact: Partial
Integrity Impact: Partial
Availability Impact: None

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat security errata

Platform | Errata | Release date
JBoss Enterprise BRMS Platform 5.3 | RHSA-2013:0221 | January 31, 2013
Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 AS (jbossas) | RHSA-2013:0193 | January 24, 2013
Red Hat JBoss Enterprise Application Platform 5 for RHEL 5 Server (jbossas) | RHSA-2013:0192 | January 24, 2013
Red Hat JBoss Enterprise Application Platform 5 for RHEL 6 Server (jbossas) | RHSA-2013:0191 | January 24, 2013
Red Hat JBoss Enterprise Application Platform 5.2 | RHSA-2013:0194 | January 24, 2013
Red Hat JBoss Portal 5.2 | RHSA-2013:0953 | June 18, 2013
Red Hat JBoss SOA Platform 5.3 | RHSA-2013:0533 | February 20, 2013
Red Hat JBoss Web Platform 5 for RHEL 4 AS (jbossas-web) | RHSA-2013:0197 | January 24, 2013
Red Hat JBoss Web Platform 5 for RHEL 5 Server (jbossas-web) | RHSA-2013:0196 | January 24, 2013
Red Hat JBoss Web Platform 5 for RHEL 6 Server (jbossas-web) | RHSA-2013:0195 | January 24, 2013
Red Hat JBoss Web Platform 5.2 | RHSA-2013:0198 | January 24, 2013

External References

This page is generated automatically and has not been checked for errors or omissions.

For clarification or corrections please contact the Red Hat Security Response Team.