Seam potential vulnerability at /seam/resource/web

Solution In Progress - Updated -

Issue

When an application uses the seam-ui module (that is, it has jboss-seam-ui.jar as a dependency), parts of the internal implementation can be obtained just by accessing the website.
If the path #{app_context}/seam/resource/web is accessed, an archive containing Seam classes is downloaded.
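
To find which deployments meet the condition above, the following added example (not part of the original article, and not Red Hat code) scans a WAR or EAR, including WARs nested inside an EAR, for the seam-ui jar. The function names, the version-suffix pattern and the in-memory sample archive are assumptions constructed for illustration.

```python
import io
import re
import zipfile

# Assumption: the jar may carry a version suffix (e.g. jboss-seam-ui-2.2.x.jar);
# the article itself names only jboss-seam-ui.jar.
SEAM_UI_JAR = re.compile(r"(^|/)jboss-seam-ui(-[\w.-]+)?\.jar$")
MAX_DEPTH = 3                    # EAR -> WAR -> jar is the usual nesting
MAX_NESTED_BYTES = 256 * 2**20   # do not unpack oversized nested archives

def find_seam_ui(archive, label, depth=0):
    """Return the locations of seam-ui jars inside a WAR/EAR (path or file object)."""
    hits = []
    try:
        zf = zipfile.ZipFile(archive)
    except zipfile.BadZipFile:
        return hits              # corrupt or non-zip entry: nothing to report
    with zf:
        for info in zf.infolist():
            where = f"{label}!/{info.filename}"
            if SEAM_UI_JAR.search(info.filename):
                hits.append(where)
            elif (info.filename.lower().endswith((".war", ".ear"))
                  and depth < MAX_DEPTH and info.file_size <= MAX_NESTED_BYTES):
                hits += find_seam_ui(io.BytesIO(zf.read(info)), where, depth + 1)
    return hits

def _zipped(entries):
    """Build an in-memory zip from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()

def build_sample_ear():
    """Constructed sample: one WAR bundles seam-ui, one does not, one is corrupt."""
    jar = _zipped({"META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\n"})
    store = _zipped({"WEB-INF/web.xml": b"<web-app/>",
                     "WEB-INF/lib/jboss-seam-ui.jar": jar})
    admin = _zipped({"WEB-INF/web.xml": b"<web-app/>",
                     "WEB-INF/lib/jboss-seam.jar": jar})
    return _zipped({"store.war": store, "admin.war": admin, "broken.war": b"not a zip"})

if __name__ == "__main__":
    for hit in find_seam_ui(io.BytesIO(build_sample_ear()), "shop.ear"):
        print("bundles seam-ui:", hit)
```

Each reported location identifies an application whose #{app_context}/seam/resource/web path should be reviewed; exploded (directory) deployments are not covered by this sketch.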

Environment

  • Seam 2
  • JBoss Enterprise Application Platform (EAP) 5.x < 5.3
