CVE-2007-6433

Impact: Moderate
Public Date: 2007-12-19
Bugzilla: 426206: CVE-2007-6433 EJBQL injection via 'order' parameter

The MITRE CVE dictionary describes this issue as:

The getRenderedEjbql method in the org.jboss.seam.framework.Query class in JBoss Seam 2.x before 2.0.0.CR3 allows remote attackers to inject and execute arbitrary EJBQL commands via the order parameter.

Find out more about CVE-2007-6433 from the MITRE CVE dictionary and NIST NVD.

Red Hat Security Errata

Platform | Errata | Release Date
Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server | RHSA-2008:0213 | 2008-04-02
Red Hat Application Stack v1 for Enterprise Linux AS (v.4) | RHSA-2008:0158 | 2008-03-24
Red Hat Application Stack v2 for Enterprise Linux (v.5) | RHSA-2008:0158 | 2008-03-24
Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS | RHSA-2008:0151 | 2008-04-02

CVE description copyright © 2017, The MITRE Corporation
