JBoss Seam Debug Page Enabled
JBoss Seam debug pages may have been left behind.
- jboss
- logs
- exposure
JBoss Seam is a component framework that provides applications with advanced features such as a unified component model, a powerful conversation model, and integrated bijection and interception. It is also used as a platform for robust, next-generation Web 2.0 applications.
If the debug page is left behind and is enabled, it can expose data that may be sensitive.
Impact
Seam debug pages can provide additional information about the application that may be sensitive. This could lead to an information disclosure. The data may include logs and session data. The disclosure may include usernames, passwords, session IDs, and other sensitive data.
Solution
Remove the debug pages, or, if the sensitive data is no longer available, remove the ancient debug pages.
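
One way to check a build artifact before deployment, as an added example that is not part of the original finding: it assumes Seam 2's usual packaging, where the debug page is provided by `jboss-seam-debug.jar` in `WEB-INF/lib` and switched on with `debug="true"` on `core:init` in `WEB-INF/components.xml`. The function names and the sample WARs are constructed for illustration.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

# Assumption: Seam 2 layout (core namespace, debug jar name, components.xml path).
SEAM_CORE_NS = "http://jboss.com/products/seam/core"
DEBUG_JAR = re.compile(r"^WEB-INF/lib/jboss-seam-debug[^/]*\.jar$")
COMPONENTS = "WEB-INF/components.xml"


def audit_war(war_bytes):
    """Return findings for one WAR (given as bytes) that still ships Seam debug support."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(war_bytes)) as war:
        names = war.namelist()
        for name in names:
            if DEBUG_JAR.match(name):
                findings.append("debug jar packaged: " + name)
        if COMPONENTS in names:
            # Parse only archives from your own build pipeline.
            root = ET.fromstring(war.read(COMPONENTS))
            for init in root.iter("{%s}init" % SEAM_CORE_NS):
                if init.get("debug", "").strip().lower() == "true":
                    findings.append('core:init debug="true" in ' + COMPONENTS)
    return findings


def build_sample_war(debug_value, with_jar):
    """Constructed sample WAR, built in memory so the check runs offline."""
    xml = ('<components xmlns="http://jboss.com/products/seam/components" '
           'xmlns:core="%s"><core:init debug="%s"/></components>'
           % (SEAM_CORE_NS, debug_value))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as war:
        war.writestr(COMPONENTS, xml)
        if with_jar:
            war.writestr("WEB-INF/lib/jboss-seam-debug.jar", b"")
    return buf.getvalue()


if __name__ == "__main__":
    for label, war in (("dev build", build_sample_war("true", True)),
                       ("release build", build_sample_war("false", False))):
        print(label, audit_war(war) or "clean")
```

A non-empty result is a reason to fail the release build; a placeholder such as a build token in the `debug` attribute is not flagged, so run the check on the final, filtered artifact.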