Red Hat Customer Portal


CVE-2011-2730

Impact:
Important
Public Date:
2011-09-09
Bugzilla:
737608: CVE-2011-2730 Spring Framework: Information (internal server information, classpath, local working directories, session IDs) disclosure

The MITRE CVE dictionary describes this issue as:

VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language (EL), evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a (1) name attribute in a (a) spring:hasBindErrors tag; (2) path attribute in a (b) spring:bind or (c) spring:nestedpath tag; (3) arguments, (4) code, (5) text, (6) var, (7) scope, or (8) message attribute in a (d) spring:message or (e) spring:theme tag; or (9) var, (10) scope, or (11) value attribute in a (f) spring:transform tag, aka "Expression Language Injection."

Find out more about CVE-2011-2730 from the MITRE CVE dictionary and NIST NVD.

Statement

This flaw was originally reported as resulting in information disclosure only, and was therefore assessed as having low security impact. On this basis, it was planned that future updates to JBoss products would address this flaw. New research [0] has since shown that this flaw can lead to remote code execution. The security impact has been re-assessed as important, and Red Hat is now working on patches for all affected products.

[0] http://danamodio.com/application-security/discoveries/spring-remote-code-with-expression-language-injection/
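The root cause described above is that the JSP container evaluates a `${...}` attribute once, and the affected Spring tag versions then evaluate the resulting string a second time, so any `${` that arrives inside request data reaches an EL evaluator. The following static check is an added example (not code from this page, from Red Hat or from the Spring project): it scans JSP sources for the tag/attribute pairs listed in the CVE description whose value contains container EL, which is the pattern that needs review. The file names and the sample page `SAMPLE_JSP` are constructed for the demonstration; the tag and attribute names come from the CVE text.

```python
"""Static check for the CVE-2011-2730 double-evaluation pattern in JSP pages.

Added example, not code from the Red Hat advisory or from Spring. SAMPLE_JSP
and the file names are constructed; the tag/attribute pairs are the ones the
CVE description lists.
"""
import os
import re
import sys

# Spring JSP tags and the attributes that affected versions evaluated as EL a
# second time, after the container had already evaluated ${...} once.
# Keys are lower-case because the scan is case-insensitive (nestedPath).
SPRING_EL_ATTRIBUTES = {
    "hasbinderrors": {"name"},
    "bind": {"path"},
    "nestedpath": {"path"},
    "message": {"arguments", "code", "text", "var", "scope", "message"},
    "theme": {"arguments", "code", "text", "var", "scope", "message"},
    "transform": {"var", "scope", "value"},
}

# Opening <spring:xxx ...> tags; closing tags start with "</" and do not match.
# Known limit of this regex: an attribute value containing a literal ">" ends
# the match early.
TAG_RE = re.compile(r"<spring:(\w+)\b([^>]*?)/?>")
# name="value" or name='value'
ATTR_RE = re.compile(r"(\w+)\s*=\s*(?:\"([^\"]*)\"|'([^']*)')")
# Container-level EL. The container resolves this first; the resolved string is
# what the vulnerable Spring versions evaluated again.
EL_RE = re.compile(r"\$\{")


def find_double_eval(jsp_text, filename="<inline>"):
    """Return a list of (filename, line, tag, attribute, value) candidates.

    A candidate is a listed attribute whose value contains ${...}. Whether the
    resolved value can carry attacker-controlled text (a request parameter, or
    a model attribute filled from user input) still needs manual review; the
    scanner cannot know that statically, so it reports every such attribute.
    """
    findings = []
    for tag_match in TAG_RE.finditer(jsp_text):
        tag = tag_match.group(1)
        watched = SPRING_EL_ATTRIBUTES.get(tag.lower())
        if not watched:
            continue
        line = jsp_text.count("\n", 0, tag_match.start()) + 1
        for attr_match in ATTR_RE.finditer(tag_match.group(2)):
            name = attr_match.group(1)
            value = attr_match.group(2)
            if value is None:
                value = attr_match.group(3)
            if name.lower() in watched and EL_RE.search(value):
                findings.append((filename, line, tag, name, value))
    return findings


def scan_tree(root):
    """Walk a directory and scan every .jsp / .jspx / .tag file found."""
    findings = []
    for dirpath, _, names in os.walk(root):
        for n in names:
            if n.lower().endswith((".jsp", ".jspx", ".tag")):
                path = os.path.join(dirpath, n)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    findings.extend(find_double_eval(fh.read(), path))
    return findings


# Constructed sample page (not taken from any real application). Lines 3, 4
# and 8 hold the pattern; line 2 is a plain literal and the <input> inside
# <spring:bind> is not a Spring tag, so neither is reported.
SAMPLE_JSP = """\
<%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %>
<spring:message code="label.welcome" />
<spring:message code="${param.code}" text="fallback" />
<spring:bind path="account.${param.field}">
  <input name="${status.expression}" value="${status.value}" />
</spring:bind>
<spring:hasBindErrors name="account">errors</spring:hasBindErrors>
<spring:transform value="${account.balance}" var="formatted" />
"""


if __name__ == "__main__":
    if len(sys.argv) > 1:
        results = scan_tree(sys.argv[1])
    else:
        results = find_double_eval(SAMPLE_JSP, "sample.jsp")
    for f, line, tag, attr, value in results:
        print('%s:%d: <spring:%s %s="%s"> is evaluated by the container, '
              'then again by vulnerable Spring' % (f, line, tag, attr, value))
```

Run it as `python scan.py /path/to/webapp` to report candidates across a deployment, then review each one for whether the resolved value can carry user input. A hit on `code="${param.code}"` is the direct case: the container turns it into whatever the `code` request parameter held, and on an unfixed Spring that string is evaluated again, which is how the classpath, working-directory and session-ID disclosures described above arise, and, per the research cited in the Statement, code execution. The fix is to move to 2.5.6.SEC03, 2.5.7.SR023 or 3.0.6 as listed in the description, or to the Red Hat errata below; the fixed 3.0.x line also added a `springJspExpressionSupport` servlet context parameter, and setting it to `false` in web.xml turns Spring's own EL pass off so that only the container's single evaluation remains.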

CVSS v2 metrics

NOTE: The following CVSS v2 metrics and score provided are preliminary and subject to review.

Base Score 6.4
Base Metrics AV:N/AC:L/Au:N/C:P/I:P/A:N
Access Vector Network
Access Complexity Low
Authentication None
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact None

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform Errata Release Date
Red Hat JBoss Portal 5.2 RHSA-2013:0953 2013-06-18
Red Hat JBoss Enterprise Application Platform 5.2 RHSA-2013:0194 2013-01-24
Red Hat JBoss Enterprise Application Platform 5 for RHEL 6 Server (xml-security) RHSA-2013:0191 2013-01-24
Red Hat JBoss Web Platform 5.2 RHSA-2013:0198 2013-01-24
Red Hat JBoss SOA Platform 5.3 RHSA-2013:0533 2013-02-20
JBoss Enterprise BRMS Platform 5.3 RHSA-2013:0221 2013-01-31
Red Hat JBoss Web Platform 5 for RHEL 6 Server (xml-security) RHSA-2013:0195 2013-01-24
Red Hat JBoss Web Platform 5 for RHEL 5 Server (xml-security) RHSA-2013:0196 2013-01-24
Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 AS (xml-security) RHSA-2013:0193 2013-01-24
Red Hat JBoss Enterprise Application Platform 5 for RHEL 5 Server (xml-security) RHSA-2013:0192 2013-01-24
Red Hat JBoss Web Platform 5 for RHEL 4 AS (xml-security) RHSA-2013:0197 2013-01-24
