Bugzilla 737608: CVE-2011-2730 Spring Framework: Information (internal server information, classpath, local working directories, session IDs) disclosure
The MITRE CVE dictionary describes this issue as:
VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language (EL), evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a (1) name attribute in a (a) spring:hasBindErrors tag; (2) path attribute in a (b) spring:bind or (c) spring:nestedpath tag; (3) arguments, (4) code, (5) text, (6) var, (7) scope, or (8) message attribute in a (d) spring:message or (e) spring:theme tag; or (9) var, (10) scope, or (11) value attribute in a (f) spring:transform tag, aka "Expression Language Injection."
This flaw was originally reported as resulting in information disclosure only and was therefore assessed as having low security impact; on that basis it was planned that future updates to JBoss products would address it. New research has since shown that the flaw can lead to remote code execution. The security impact has been re-assessed as important, and Red Hat is now working on patches for all affected products.
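The following JSP is added here as an illustration of the double evaluation the MITRE text describes; it is not taken from the Red Hat page or from the Spring project. The page name, the `msg` request parameter and the request URLs in the comments are hypothetical, and the page is assumed to be deployed on a Spring version before 2.5.6.SEC03 / 3.0.6.

```jsp
<%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<%-- Added example (hypothetical page greet.jsp, hypothetical 'msg' parameter),
     assumed to run on an affected Spring release. --%>

<%-- VULNERABLE on affected versions.
     Step 1: the servlet container evaluates ${param.msg} and hands the tag
             the raw request parameter as a String.
     Step 2: the spring:message tag passes that String through Spring's
             ExpressionEvaluationUtils, which evaluates it as EL a second time.
     The attacker-controlled value is therefore itself evaluated as EL:
       GET /greet.jsp?msg=${pageContext.session.id}
         renders the caller's session ID (one of the disclosures in the title)
       GET /greet.jsp?msg=${pageContext.servletContext.serverInfo}
         renders the container's name and version
       GET /greet.jsp?msg=${applicationScope}
         renders the ServletContext attribute map --%>
<spring:message text="${param.msg}" />

<%-- The same applies to every attribute MITRE lists: code, arguments, var
     and scope on spring:message / spring:theme, path on spring:bind /
     spring:nestedpath, name on spring:hasBindErrors, and the spring:transform
     attributes. Any of them that carries request-derived text is exposed. --%>

<%-- NOT double-evaluated: plain JSTL output. The container evaluates
     ${param.msg} once and c:out HTML-escapes the result, so a value of
     "${pageContext.session.id}" is printed literally. Use this when the
     page only needs to echo a request value rather than resolve a message. --%>
<c:out value="${param.msg}" />
```

The only complete fix is to move to a release that contains the correction (for the products above, the errata listed below). The fixed Spring releases also recognize a `springJspExpressionSupport` context parameter in web.xml that turns off the tag library's own EL evaluation; since its default depends on the Spring line and on the Servlet version the container reports, set it to `false` explicitly after upgrading rather than relying on the default.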
CVSS v2 metrics
Red Hat security errata
Product | Advisory | Release date
--- | --- | ---
JBoss Enterprise BRMS Platform 5.3 | RHSA-2013:0221 | January 31, 2013
Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 AS (jbossas) | RHSA-2013:0193 | January 24, 2013
Red Hat JBoss Enterprise Application Platform 5 for RHEL 5 Server (jbossas) | RHSA-2013:0192 | January 24, 2013
Red Hat JBoss Enterprise Application Platform 5 for RHEL 6 Server (jbossas) | RHSA-2013:0191 | January 24, 2013
Red Hat JBoss Enterprise Application Platform 5.2 | RHSA-2013:0194 | January 24, 2013
Red Hat JBoss Portal 5.2 | RHSA-2013:0953 | June 18, 2013
Red Hat JBoss SOA Platform 5.3 | RHSA-2013:0533 | February 20, 2013
Red Hat JBoss Web Platform 5 for RHEL 4 AS (jbossas-web) | RHSA-2013:0197 | January 24, 2013
Red Hat JBoss Web Platform 5 for RHEL 5 Server (jbossas-web) | RHSA-2013:0196 | January 24, 2013
Red Hat JBoss Web Platform 5 for RHEL 6 Server (jbossas-web) | RHSA-2013:0195 | January 24, 2013
Red Hat JBoss Web Platform 5.2 | RHSA-2013:0198 | January 24, 2013
This page is generated automatically and has not been checked for errors or omissions.
For clarification or corrections please contact the Red Hat Security Response Team.