CVE-2010-1871

Severity: HIGH · KEV

JBoss Enterprise Application Platform 4.3.0 - Remote Code Execution via JBoss Expression Language Injection

Title source: llm

Exploitation Summary

CVE-2010-1871 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added December 10, 2021. EIP tracks 3 public exploits from researchers including Metasploit and guerrino di massa, among them the Metasploit module auxiliary/admin/http/jboss_seam_exec.

AI-analyzed exploit summary: This Metasploit module exploits CVE-2010-1871, a JBoss Seam 2 vulnerability allowing unauthenticated remote code execution via unsanitized JBoss Expression Language inputs. It uploads a malicious JSP and JAR payload to achieve a Meterpreter shell.

Description

JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize inputs for JBoss Expression Language (EL) expressions, which allows remote attackers to execute arbitrary code via a crafted URL. NOTE: this is only a vulnerability when the Java Security Manager is not properly configured.

Exploits (3)

exploitdb · Working PoC · Verified
by Metasploit · tags: ruby, remote, jsp
https://www.exploit-db.com/exploits/36653

This Metasploit module exploits CVE-2010-1871, a JBoss Seam 2 vulnerability allowing unauthenticated remote code execution via unsanitized JBoss Expression Language inputs. It uploads a malicious JSP and JAR payload to achieve a Meterpreter shell.

Classification: Working PoC (95%)
Attack type: RCE
Complexity: Moderate
Reliability: Reliable
Target: JBoss Seam 2 < 2.2.1CR2, JBoss AS 5/6
Authentication: none needed
Prerequisites: Network access to JBoss admin-console · JBoss Seam 2 vulnerable endpoint
Analyzed by devstral-2 on Feb 16, 2026
metasploit · Working PoC
by guerrino di massa · tags: ruby, poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/http/jboss_seam_exec.rb

This Metasploit module exploits a remote command execution vulnerability in JBoss Seam 2 by leveraging unsanitized JBoss Expression Language (EL) inputs. It dynamically identifies method indices for 'Runtime.exec' and 'Runtime.getRuntime' to execute arbitrary commands via a crafted URL.

Classification: Working PoC (95%)
Attack type: RCE
Complexity: Moderate
Reliability: Reliable
Target: JBoss Seam 2 (jboss-seam2), JBoss Enterprise Application Platform 4.3.0, IBM WebSphere 6.1
Authentication: none needed
Prerequisites: Java Security Manager misconfiguration · Exposed JBoss Seam 2 endpoint
Analyzed by devstral-2 on Feb 16, 2026
metasploit · Working PoC · Normal
tags: ruby, poc, java
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/jboss_seam_upload_exec.rb

This Metasploit module exploits a JBoss Seam 2 vulnerability (CVE-2010-1871) to achieve remote code execution by uploading and executing a malicious JSP file. It leverages improper input sanitization in JBoss Expression Language to execute arbitrary commands.

Classification: Working PoC (95%)
Attack type: RCE
Complexity: Moderate
Reliability: Reliable
Target: JBoss Seam 2 < 2.2.1CR2, JBoss AS 5 and 6
Authentication: none needed
Prerequisites: Access to vulnerable JBoss Seam 2 application · Network connectivity to target
Analyzed by devstral-2 on Feb 16, 2026

References (9)

Core References (9)
http://www.securityfocus.com/bid/41994 · Third Party Advisory, VDB Entry (BID) · broken link
http://archives.neohapsis.com/archives/bugtraq/2013-05/0117.html · mailing list (Bugtraq) · broken link
http://www.securitytracker.com/id?1024253 · Third Party Advisory, VDB Entry (SecurityTracker) · broken link
http://www.vupen.com/english/advisories/2010/1929 · Vendor Advisory, VDB Entry (VUPEN) · broken link
https://bugzilla.redhat.com/show_bug.cgi?id=615956 · Issue Tracking, vendor confirmation
https://exchange.xforce.ibmcloud.com/vulnerabilities/60794 · Third Party Advisory, VDB Entry (X-Force)
http://www.redhat.com/support/errata/RHSA-2010-0564.html · Vendor Advisory (Red Hat) · broken link
https://security.netapp.com/advisory/ntap-20161017-0001/ · Third Party Advisory, vendor confirmation

Scores

CVSS v3: 8.8
EPSS: 0.9354
EPSS Percentile: 99.8%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: active
Automatable: no
Technical Impact: total

Details

CISA KEV: 2021-12-10
VulnCheck KEV: 2011-07-30
InTheWild.io: 2021-12-10
ENISA EUVD: EUVD-2010-1890
CWE: CWE-917
Status: published
Products (4)
netapp/oncommand_balance
netapp/oncommand_insight
netapp/oncommand_unified_manager
redhat/jboss_enterprise_application_platform 4.3.0
Published: Aug 05, 2010
KEV Added: Dec 10, 2021
Tracked Since: Feb 18, 2026