HTTP: Red Hat JBoss Seam InterfaceGenerator Information Disclosure

This signature detects attempts to exploit a known vulnerability in Red Hat JBoss. The vulnerability is caused by a design flaw in the InterfaceGenerator handler, which exposes details of all classes on the server's classpath. A remote, unauthenticated attacker may exploit it against a web application powered by the JBoss Seam Framework to determine which classes are deployed on the server.

Extended Description

The InterfaceGenerator handler in JBoss Seam Remoting in JBoss Seam 2 framework 2.3.1 and earlier, as used in JBoss Web Framework Kit, allows remote attackers to bypass the WebRemote annotation restriction and obtain information about arbitrary classes and methods on the server classpath via unspecified vectors.

Affected Products

Redhat jboss_seam_2_framework

References

BugTraq: 65049

CVE: CVE-2013-6448

Short Name: HTTP:INFO-LEAK:REDHAT-JBOSS
Severity: Minor
Recommended: False
Recommended Action: Drop
Category: HTTP
Keywords: CVE-2013-6448 Disclosure Hat Information InterfaceGenerator JBoss Red Seam bid:65049
Release Date: 02/13/2014
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3336
False Positive: Unknown
Vendors

Redhat

CVSS Score

5.0
