Jboss Seam 2 Framework
CVE-2013-6448
MEDIUM
Severity by source
AV:N/AC:L/Au:N/C:P/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:N/AC:L/Au:N/C:P/I:N/A:N
Lifecycle Timeline
1DescriptionCVE.org
The InterfaceGenerator handler in JBoss Seam Remoting in JBoss Seam 2 framework 2.3.1 and earlier, as used in JBoss Web Framework Kit, allows remote attackers to bypass the WebRemote annotation restriction and obtain information about arbitrary classes and methods on the server classpath via unspecified vectors.
AnalysisAI
The InterfaceGenerator handler in JBoss Seam Remoting in JBoss Seam 2 framework 2.3.1 and earlier, as used in JBoss Web Framework Kit, allows remote attackers to bypass the WebRemote annotation. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-264. The InterfaceGenerator handler in JBoss Seam Remoting in JBoss Seam 2 framework 2.3.1 and earlier, as used in JBoss Web Framework Kit, allows remote attackers to bypass the WebRemote annotation restriction and obtain information about arbitrary classes and methods on the server classpath via unspecified vectors. Affected products include: Redhat Jboss Seam 2 Framework.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Jboss Seam 2 Framework
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today